From a817dc6f70743e3c5c82ee20c7b00ab4fe159eea Mon Sep 17 00:00:00 2001
From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Date: Fri, 17 Jan 2025 11:35:28 -0600
Subject: [PATCH] Attempt to pass unit tests with different dump command
---
dojo/fixtures/defect_dojo_sample_data.json | 150128 +++++++++---------
fixture-updater | Bin 8669026 -> 8669026 bytes
unittests/test_sample_data.py | 11 +
3 files changed, 72821 insertions(+), 77318 deletions(-)
diff --git a/dojo/fixtures/defect_dojo_sample_data.json b/dojo/fixtures/defect_dojo_sample_data.json
index d163e274086..41c855f2630 100644
--- a/dojo/fixtures/defect_dojo_sample_data.json
+++ b/dojo/fixtures/defect_dojo_sample_data.json
@@ -1,77780 +1,73272 @@ [ { - "model": "auth.permission", - "pk": 1, - "fields": { - "name": "Can add permission", - "content_type": 1, - "codename": "add_permission" - } -}, -{ - "model": "auth.permission", - "pk": 2, - "fields": { - "name": "Can change permission", - "content_type": 1, - "codename": "change_permission" - } -}, -{ - "model": "auth.permission", - "pk": 3, - "fields": { - "name": "Can delete permission", - "content_type": 1, - "codename": "delete_permission" - } -}, -{ - "model": "auth.permission", - "pk": 4, - "fields": { - "name": "Can view permission", - "content_type": 1, - "codename": "view_permission" - } -}, -{ - "model": "auth.permission", - "pk": 5, - "fields": { - "name": "Can add group", - "content_type": 2, - "codename": "add_group" - } -}, -{ - "model": "auth.permission", - "pk": 6, - "fields": { - "name": "Can change group", - "content_type": 2, - "codename": "change_group" - } -}, -{ - "model": "auth.permission", - "pk": 7, - "fields": { - "name": "Can delete group", - "content_type": 2, - "codename": "delete_group" - } -}, -{ - "model": "auth.permission", - "pk": 8, - "fields": { - "name": "Can view group", - "content_type": 2, - "codename": "view_group" - } -}, -{ - "model": "auth.permission", - "pk": 9, - "fields": { - "name": "Can add user", - "content_type": 3, - "codename": "add_user" - } -}, -{ - "model": "auth.permission", - "pk": 10, - "fields": { - "name": "Can change user", - "content_type": 3, - "codename": "change_user" - } -}, -{ - "model": "auth.permission", - "pk": 11, - "fields": { - "name": "Can delete user", - "content_type": 3, - "codename": "delete_user" - } -}, -{ - "model": "auth.permission", - "pk": 12, - "fields": { - "name": "Can view user", - "content_type": 3, - "codename": "view_user" - } -}, -{ - "model": "auth.permission", - "pk": 13, - "fields": { - "name": "Can add content type", - "content_type": 4, - "codename": "add_contenttype" - } -}, -{ - "model": "auth.permission", - "pk": 14, - "fields": { - 
"name": "Can change content type", - "content_type": 4, - "codename": "change_contenttype" - } -}, -{ - "model": "auth.permission", - "pk": 15, - "fields": { - "name": "Can delete content type", - "content_type": 4, - "codename": "delete_contenttype" - } -}, -{ - "model": "auth.permission", - "pk": 16, - "fields": { - "name": "Can view content type", - "content_type": 4, - "codename": "view_contenttype" - } -}, -{ - "model": "auth.permission", - "pk": 17, - "fields": { - "name": "Can add session", - "content_type": 5, - "codename": "add_session" - } -}, -{ - "model": "auth.permission", - "pk": 18, - "fields": { - "name": "Can change session", - "content_type": 5, - "codename": "change_session" - } -}, -{ - "model": "auth.permission", - "pk": 19, - "fields": { - "name": "Can delete session", - "content_type": 5, - "codename": "delete_session" - } -}, -{ - "model": "auth.permission", - "pk": 20, - "fields": { - "name": "Can view session", - "content_type": 5, - "codename": "view_session" - } -}, -{ - "model": "auth.permission", - "pk": 21, - "fields": { - "name": "Can add site", - "content_type": 6, - "codename": "add_site" - } -}, -{ - "model": "auth.permission", - "pk": 22, - "fields": { - "name": "Can change site", - "content_type": 6, - "codename": "change_site" - } -}, -{ - "model": "auth.permission", - "pk": 23, - "fields": { - "name": "Can delete site", - "content_type": 6, - "codename": "delete_site" - } -}, -{ - "model": "auth.permission", - "pk": 24, - "fields": { - "name": "Can view site", - "content_type": 6, - "codename": "view_site" - } -}, -{ - "model": "auth.permission", - "pk": 25, - "fields": { - "name": "Can add log entry", - "content_type": 7, - "codename": "add_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 26, - "fields": { - "name": "Can change log entry", - "content_type": 7, - "codename": "change_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 27, - "fields": { - "name": "Can delete log entry", - "content_type": 7, - 
"codename": "delete_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 28, - "fields": { - "name": "Can view log entry", - "content_type": 7, - "codename": "view_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 29, - "fields": { - "name": "Can add log entry", - "content_type": 8, - "codename": "add_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 30, - "fields": { - "name": "Can change log entry", - "content_type": 8, - "codename": "change_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 31, - "fields": { - "name": "Can delete log entry", - "content_type": 8, - "codename": "delete_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 32, - "fields": { - "name": "Can view log entry", - "content_type": 8, - "codename": "view_logentry" - } -}, -{ - "model": "auth.permission", - "pk": 33, - "fields": { - "name": "Can add regulation", - "content_type": 9, - "codename": "add_regulation" - } -}, -{ - "model": "auth.permission", - "pk": 34, - "fields": { - "name": "Can change regulation", - "content_type": 9, - "codename": "change_regulation" - } -}, -{ - "model": "auth.permission", - "pk": 35, - "fields": { - "name": "Can delete regulation", - "content_type": 9, - "codename": "delete_regulation" - } -}, -{ - "model": "auth.permission", - "pk": 36, - "fields": { - "name": "Can view regulation", - "content_type": 9, - "codename": "view_regulation" - } -}, -{ - "model": "auth.permission", - "pk": 37, - "fields": { - "name": "Can add dojo_ user", - "content_type": 10, - "codename": "add_dojo_user" - } -}, -{ - "model": "auth.permission", - "pk": 38, - "fields": { - "name": "Can change dojo_ user", - "content_type": 10, - "codename": "change_dojo_user" - } -}, -{ - "model": "auth.permission", - "pk": 39, - "fields": { - "name": "Can delete dojo_ user", - "content_type": 10, - "codename": "delete_dojo_user" - } -}, -{ - "model": "auth.permission", - "pk": 40, - "fields": { - "name": "Can view dojo_ user", - "content_type": 10, - 
"codename": "view_dojo_user" - } -}, -{ - "model": "auth.permission", - "pk": 41, - "fields": { - "name": "Can add user contact info", - "content_type": 11, - "codename": "add_usercontactinfo" - } -}, -{ - "model": "auth.permission", - "pk": 42, - "fields": { - "name": "Can change user contact info", - "content_type": 11, - "codename": "change_usercontactinfo" - } -}, -{ - "model": "auth.permission", - "pk": 43, - "fields": { - "name": "Can delete user contact info", - "content_type": 11, - "codename": "delete_usercontactinfo" - } -}, -{ - "model": "auth.permission", - "pk": 44, - "fields": { - "name": "Can view user contact info", - "content_type": 11, - "codename": "view_usercontactinfo" - } -}, -{ - "model": "auth.permission", - "pk": 45, - "fields": { - "name": "Can add dojo_ group", - "content_type": 12, - "codename": "add_dojo_group" - } -}, -{ - "model": "auth.permission", - "pk": 46, - "fields": { - "name": "Can change dojo_ group", - "content_type": 12, - "codename": "change_dojo_group" - } -}, -{ - "model": "auth.permission", - "pk": 47, - "fields": { - "name": "Can delete dojo_ group", - "content_type": 12, - "codename": "delete_dojo_group" - } -}, -{ - "model": "auth.permission", - "pk": 48, - "fields": { - "name": "Can view dojo_ group", - "content_type": 12, - "codename": "view_dojo_group" - } -}, -{ - "model": "auth.permission", - "pk": 49, - "fields": { - "name": "Can add role", - "content_type": 13, - "codename": "add_role" - } -}, -{ - "model": "auth.permission", - "pk": 50, - "fields": { - "name": "Can change role", - "content_type": 13, - "codename": "change_role" - } -}, -{ - "model": "auth.permission", - "pk": 51, - "fields": { - "name": "Can delete role", - "content_type": 13, - "codename": "delete_role" - } -}, -{ - "model": "auth.permission", - "pk": 52, - "fields": { - "name": "Can view role", - "content_type": 13, - "codename": "view_role" - } -}, -{ - "model": "auth.permission", - "pk": 53, - "fields": { - "name": "Can add system_ 
settings", - "content_type": 14, - "codename": "add_system_settings" - } -}, -{ - "model": "auth.permission", - "pk": 54, - "fields": { - "name": "Can change system_ settings", - "content_type": 14, - "codename": "change_system_settings" - } -}, -{ - "model": "auth.permission", - "pk": 55, - "fields": { - "name": "Can delete system_ settings", - "content_type": 14, - "codename": "delete_system_settings" - } -}, -{ - "model": "auth.permission", - "pk": 56, - "fields": { - "name": "Can view system_ settings", - "content_type": 14, - "codename": "view_system_settings" - } -}, -{ - "model": "auth.permission", - "pk": 57, - "fields": { - "name": "Can add dojo_ group_ member", - "content_type": 15, - "codename": "add_dojo_group_member" - } -}, -{ - "model": "auth.permission", - "pk": 58, - "fields": { - "name": "Can change dojo_ group_ member", - "content_type": 15, - "codename": "change_dojo_group_member" - } -}, -{ - "model": "auth.permission", - "pk": 59, - "fields": { - "name": "Can delete dojo_ group_ member", - "content_type": 15, - "codename": "delete_dojo_group_member" - } -}, -{ - "model": "auth.permission", - "pk": 60, - "fields": { - "name": "Can view dojo_ group_ member", - "content_type": 15, - "codename": "view_dojo_group_member" - } -}, -{ - "model": "auth.permission", - "pk": 61, - "fields": { - "name": "Can add global_ role", - "content_type": 16, - "codename": "add_global_role" - } -}, -{ - "model": "auth.permission", - "pk": 62, - "fields": { - "name": "Can change global_ role", - "content_type": 16, - "codename": "change_global_role" - } -}, -{ - "model": "auth.permission", - "pk": 63, - "fields": { - "name": "Can delete global_ role", - "content_type": 16, - "codename": "delete_global_role" - } -}, -{ - "model": "auth.permission", - "pk": 64, - "fields": { - "name": "Can view global_ role", - "content_type": 16, - "codename": "view_global_role" - } -}, -{ - "model": "auth.permission", - "pk": 65, - "fields": { - "name": "Can add contact", - 
"content_type": 17, - "codename": "add_contact" - } -}, -{ - "model": "auth.permission", - "pk": 66, - "fields": { - "name": "Can change contact", - "content_type": 17, - "codename": "change_contact" - } -}, -{ - "model": "auth.permission", - "pk": 67, - "fields": { - "name": "Can delete contact", - "content_type": 17, - "codename": "delete_contact" - } -}, -{ - "model": "auth.permission", - "pk": 68, - "fields": { - "name": "Can view contact", - "content_type": 17, - "codename": "view_contact" - } -}, -{ - "model": "auth.permission", - "pk": 69, - "fields": { - "name": "Can add note_ type", - "content_type": 18, - "codename": "add_note_type" - } -}, -{ - "model": "auth.permission", - "pk": 70, - "fields": { - "name": "Can change note_ type", - "content_type": 18, - "codename": "change_note_type" - } -}, -{ - "model": "auth.permission", - "pk": 71, - "fields": { - "name": "Can delete note_ type", - "content_type": 18, - "codename": "delete_note_type" - } -}, -{ - "model": "auth.permission", - "pk": 72, - "fields": { - "name": "Can view note_ type", - "content_type": 18, - "codename": "view_note_type" - } -}, -{ - "model": "auth.permission", - "pk": 73, - "fields": { - "name": "Can add note history", - "content_type": 19, - "codename": "add_notehistory" - } -}, -{ - "model": "auth.permission", - "pk": 74, - "fields": { - "name": "Can change note history", - "content_type": 19, - "codename": "change_notehistory" - } -}, -{ - "model": "auth.permission", - "pk": 75, - "fields": { - "name": "Can delete note history", - "content_type": 19, - "codename": "delete_notehistory" - } -}, -{ - "model": "auth.permission", - "pk": 76, - "fields": { - "name": "Can view note history", - "content_type": 19, - "codename": "view_notehistory" - } -}, -{ - "model": "auth.permission", - "pk": 77, - "fields": { - "name": "Can add notes", - "content_type": 20, - "codename": "add_notes" - } -}, -{ - "model": "auth.permission", - "pk": 78, - "fields": { - "name": "Can change notes", - 
"content_type": 20, - "codename": "change_notes" - } -}, -{ - "model": "auth.permission", - "pk": 79, - "fields": { - "name": "Can delete notes", - "content_type": 20, - "codename": "delete_notes" - } -}, -{ - "model": "auth.permission", - "pk": 80, - "fields": { - "name": "Can view notes", - "content_type": 20, - "codename": "view_notes" - } -}, -{ - "model": "auth.permission", - "pk": 81, - "fields": { - "name": "Can add file upload", - "content_type": 21, - "codename": "add_fileupload" - } -}, -{ - "model": "auth.permission", - "pk": 82, - "fields": { - "name": "Can change file upload", - "content_type": 21, - "codename": "change_fileupload" - } -}, -{ - "model": "auth.permission", - "pk": 83, - "fields": { - "name": "Can delete file upload", - "content_type": 21, - "codename": "delete_fileupload" - } -}, -{ - "model": "auth.permission", - "pk": 84, - "fields": { - "name": "Can view file upload", - "content_type": 21, - "codename": "view_fileupload" - } -}, -{ - "model": "auth.permission", - "pk": 85, - "fields": { - "name": "Can add product_ type", - "content_type": 22, - "codename": "add_product_type" - } -}, -{ - "model": "auth.permission", - "pk": 86, - "fields": { - "name": "Can change product_ type", - "content_type": 22, - "codename": "change_product_type" - } -}, -{ - "model": "auth.permission", - "pk": 87, - "fields": { - "name": "Can delete product_ type", - "content_type": 22, - "codename": "delete_product_type" - } -}, -{ - "model": "auth.permission", - "pk": 88, - "fields": { - "name": "Can view product_ type", - "content_type": 22, - "codename": "view_product_type" - } -}, -{ - "model": "auth.permission", - "pk": 89, - "fields": { - "name": "Can add product_ line", - "content_type": 23, - "codename": "add_product_line" - } -}, -{ - "model": "auth.permission", - "pk": 90, - "fields": { - "name": "Can change product_ line", - "content_type": 23, - "codename": "change_product_line" - } -}, -{ - "model": "auth.permission", - "pk": 91, - "fields": { - 
"name": "Can delete product_ line", - "content_type": 23, - "codename": "delete_product_line" - } -}, -{ - "model": "auth.permission", - "pk": 92, - "fields": { - "name": "Can view product_ line", - "content_type": 23, - "codename": "view_product_line" - } -}, -{ - "model": "auth.permission", - "pk": 93, - "fields": { - "name": "Can add report_ type", - "content_type": 24, - "codename": "add_report_type" - } -}, -{ - "model": "auth.permission", - "pk": 94, - "fields": { - "name": "Can change report_ type", - "content_type": 24, - "codename": "change_report_type" - } -}, -{ - "model": "auth.permission", - "pk": 95, - "fields": { - "name": "Can delete report_ type", - "content_type": 24, - "codename": "delete_report_type" - } -}, -{ - "model": "auth.permission", - "pk": 96, - "fields": { - "name": "Can view report_ type", - "content_type": 24, - "codename": "view_report_type" - } -}, -{ - "model": "auth.permission", - "pk": 97, - "fields": { - "name": "Can add test_ type", - "content_type": 25, - "codename": "add_test_type" - } -}, -{ - "model": "auth.permission", - "pk": 98, - "fields": { - "name": "Can change test_ type", - "content_type": 25, - "codename": "change_test_type" - } -}, -{ - "model": "auth.permission", - "pk": 99, - "fields": { - "name": "Can delete test_ type", - "content_type": 25, - "codename": "delete_test_type" - } -}, -{ - "model": "auth.permission", - "pk": 100, - "fields": { - "name": "Can view test_ type", - "content_type": 25, - "codename": "view_test_type" - } -}, -{ - "model": "auth.permission", - "pk": 101, - "fields": { - "name": "Can add dojo meta", - "content_type": 26, - "codename": "add_dojometa" - } -}, -{ - "model": "auth.permission", - "pk": 102, - "fields": { - "name": "Can change dojo meta", - "content_type": 26, - "codename": "change_dojometa" - } -}, -{ - "model": "auth.permission", - "pk": 103, - "fields": { - "name": "Can delete dojo meta", - "content_type": 26, - "codename": "delete_dojometa" - } -}, -{ - "model": 
"auth.permission", - "pk": 104, - "fields": { - "name": "Can view dojo meta", - "content_type": 26, - "codename": "view_dojometa" - } -}, -{ - "model": "auth.permission", - "pk": 105, - "fields": { - "name": "Can add sl a_ configuration", - "content_type": 27, - "codename": "add_sla_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 106, - "fields": { - "name": "Can change sl a_ configuration", - "content_type": 27, - "codename": "change_sla_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 107, - "fields": { - "name": "Can delete sl a_ configuration", - "content_type": 27, - "codename": "delete_sla_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 108, - "fields": { - "name": "Can view sl a_ configuration", - "content_type": 27, - "codename": "view_sla_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 109, - "fields": { - "name": "Can add product tags", - "content_type": 28, - "codename": "add_tagulous_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 110, - "fields": { - "name": "Can change product tags", - "content_type": 28, - "codename": "change_tagulous_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 111, - "fields": { - "name": "Can delete product tags", - "content_type": 28, - "codename": "delete_tagulous_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 112, - "fields": { - "name": "Can view product tags", - "content_type": 28, - "codename": "view_tagulous_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 113, - "fields": { - "name": "Can add product", - "content_type": 29, - "codename": "add_product" - } -}, -{ - "model": "auth.permission", - "pk": 114, - "fields": { - "name": "Can change product", - "content_type": 29, - "codename": "change_product" - } -}, -{ - "model": "auth.permission", - "pk": 115, - "fields": { - "name": "Can delete product", - "content_type": 29, - "codename": "delete_product" - } -}, -{ - "model": "auth.permission", - "pk": 
116, - "fields": { - "name": "Can view product", - "content_type": 29, - "codename": "view_product" - } -}, -{ - "model": "auth.permission", - "pk": 117, - "fields": { - "name": "Can add product_ member", - "content_type": 30, - "codename": "add_product_member" - } -}, -{ - "model": "auth.permission", - "pk": 118, - "fields": { - "name": "Can change product_ member", - "content_type": 30, - "codename": "change_product_member" - } -}, -{ - "model": "auth.permission", - "pk": 119, - "fields": { - "name": "Can delete product_ member", - "content_type": 30, - "codename": "delete_product_member" - } -}, -{ - "model": "auth.permission", - "pk": 120, - "fields": { - "name": "Can view product_ member", - "content_type": 30, - "codename": "view_product_member" - } -}, -{ - "model": "auth.permission", - "pk": 121, - "fields": { - "name": "Can add product_ group", - "content_type": 31, - "codename": "add_product_group" - } -}, -{ - "model": "auth.permission", - "pk": 122, - "fields": { - "name": "Can change product_ group", - "content_type": 31, - "codename": "change_product_group" - } -}, -{ - "model": "auth.permission", - "pk": 123, - "fields": { - "name": "Can delete product_ group", - "content_type": 31, - "codename": "delete_product_group" - } -}, -{ - "model": "auth.permission", - "pk": 124, - "fields": { - "name": "Can view product_ group", - "content_type": 31, - "codename": "view_product_group" - } -}, -{ - "model": "auth.permission", - "pk": 125, - "fields": { - "name": "Can add product_ type_ member", - "content_type": 32, - "codename": "add_product_type_member" - } -}, -{ - "model": "auth.permission", - "pk": 126, - "fields": { - "name": "Can change product_ type_ member", - "content_type": 32, - "codename": "change_product_type_member" - } -}, -{ - "model": "auth.permission", - "pk": 127, - "fields": { - "name": "Can delete product_ type_ member", - "content_type": 32, - "codename": "delete_product_type_member" - } -}, -{ - "model": "auth.permission", - "pk": 
128, - "fields": { - "name": "Can view product_ type_ member", - "content_type": 32, - "codename": "view_product_type_member" - } -}, -{ - "model": "auth.permission", - "pk": 129, - "fields": { - "name": "Can add product_ type_ group", - "content_type": 33, - "codename": "add_product_type_group" - } -}, -{ - "model": "auth.permission", - "pk": 130, - "fields": { - "name": "Can change product_ type_ group", - "content_type": 33, - "codename": "change_product_type_group" - } -}, -{ - "model": "auth.permission", - "pk": 131, - "fields": { - "name": "Can delete product_ type_ group", - "content_type": 33, - "codename": "delete_product_type_group" - } -}, -{ - "model": "auth.permission", - "pk": 132, - "fields": { - "name": "Can view product_ type_ group", - "content_type": 33, - "codename": "view_product_type_group" - } -}, -{ - "model": "auth.permission", - "pk": 133, - "fields": { - "name": "Can add tool_ type", - "content_type": 34, - "codename": "add_tool_type" - } -}, -{ - "model": "auth.permission", - "pk": 134, - "fields": { - "name": "Can change tool_ type", - "content_type": 34, - "codename": "change_tool_type" - } -}, -{ - "model": "auth.permission", - "pk": 135, - "fields": { - "name": "Can delete tool_ type", - "content_type": 34, - "codename": "delete_tool_type" - } -}, -{ - "model": "auth.permission", - "pk": 136, - "fields": { - "name": "Can view tool_ type", - "content_type": 34, - "codename": "view_tool_type" - } -}, -{ - "model": "auth.permission", - "pk": 137, - "fields": { - "name": "Can add tool_ configuration", - "content_type": 35, - "codename": "add_tool_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 138, - "fields": { - "name": "Can change tool_ configuration", - "content_type": 35, - "codename": "change_tool_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 139, - "fields": { - "name": "Can delete tool_ configuration", - "content_type": 35, - "codename": "delete_tool_configuration" - } -}, -{ - "model": 
"auth.permission", - "pk": 140, - "fields": { - "name": "Can view tool_ configuration", - "content_type": 35, - "codename": "view_tool_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 141, - "fields": { - "name": "Can add product_ap i_ scan_ configuration", - "content_type": 36, - "codename": "add_product_api_scan_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 142, - "fields": { - "name": "Can change product_ap i_ scan_ configuration", - "content_type": 36, - "codename": "change_product_api_scan_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 143, - "fields": { - "name": "Can delete product_ap i_ scan_ configuration", - "content_type": 36, - "codename": "delete_product_api_scan_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 144, - "fields": { - "name": "Can view product_ap i_ scan_ configuration", - "content_type": 36, - "codename": "view_product_api_scan_configuration" - } -}, -{ - "model": "auth.permission", - "pk": 145, - "fields": { - "name": "Can add network_ locations", - "content_type": 37, - "codename": "add_network_locations" - } -}, -{ - "model": "auth.permission", - "pk": 146, - "fields": { - "name": "Can change network_ locations", - "content_type": 37, - "codename": "change_network_locations" - } -}, -{ - "model": "auth.permission", - "pk": 147, - "fields": { - "name": "Can delete network_ locations", - "content_type": 37, - "codename": "delete_network_locations" - } -}, -{ - "model": "auth.permission", - "pk": 148, - "fields": { - "name": "Can view network_ locations", - "content_type": 37, - "codename": "view_network_locations" - } -}, -{ - "model": "auth.permission", - "pk": 149, - "fields": { - "name": "Can add engagement_ presets", - "content_type": 38, - "codename": "add_engagement_presets" - } -}, -{ - "model": "auth.permission", - "pk": 150, - "fields": { - "name": "Can change engagement_ presets", - "content_type": 38, - "codename": "change_engagement_presets" - } -}, -{ - 
"model": "auth.permission", - "pk": 151, - "fields": { - "name": "Can delete engagement_ presets", - "content_type": 38, - "codename": "delete_engagement_presets" - } -}, -{ - "model": "auth.permission", - "pk": 152, - "fields": { - "name": "Can view engagement_ presets", - "content_type": 38, - "codename": "view_engagement_presets" - } -}, -{ - "model": "auth.permission", - "pk": 153, - "fields": { - "name": "Can add engagement tags", - "content_type": 39, - "codename": "add_tagulous_engagement_tags" - } -}, -{ - "model": "auth.permission", - "pk": 154, - "fields": { - "name": "Can change engagement tags", - "content_type": 39, - "codename": "change_tagulous_engagement_tags" - } -}, -{ - "model": "auth.permission", - "pk": 155, - "fields": { - "name": "Can delete engagement tags", - "content_type": 39, - "codename": "delete_tagulous_engagement_tags" - } -}, -{ - "model": "auth.permission", - "pk": 156, - "fields": { - "name": "Can view engagement tags", - "content_type": 39, - "codename": "view_tagulous_engagement_tags" - } -}, -{ - "model": "auth.permission", - "pk": 157, - "fields": { - "name": "Can add engagement inherited_tags", - "content_type": 40, - "codename": "add_tagulous_engagement_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 158, - "fields": { - "name": "Can change engagement inherited_tags", - "content_type": 40, - "codename": "change_tagulous_engagement_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 159, - "fields": { - "name": "Can delete engagement inherited_tags", - "content_type": 40, - "codename": "delete_tagulous_engagement_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 160, - "fields": { - "name": "Can view engagement inherited_tags", - "content_type": 40, - "codename": "view_tagulous_engagement_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 161, - "fields": { - "name": "Can add engagement", - "content_type": 41, - "codename": "add_engagement" - } -}, -{ - "model": 
"auth.permission", - "pk": 162, - "fields": { - "name": "Can change engagement", - "content_type": 41, - "codename": "change_engagement" - } -}, -{ - "model": "auth.permission", - "pk": 163, - "fields": { - "name": "Can delete engagement", - "content_type": 41, - "codename": "delete_engagement" - } -}, -{ - "model": "auth.permission", - "pk": 164, - "fields": { - "name": "Can view engagement", - "content_type": 41, - "codename": "view_engagement" - } -}, -{ - "model": "auth.permission", - "pk": 165, - "fields": { - "name": "Can add cwe", - "content_type": 42, - "codename": "add_cwe" - } -}, -{ - "model": "auth.permission", - "pk": 166, - "fields": { - "name": "Can change cwe", - "content_type": 42, - "codename": "change_cwe" - } -}, -{ - "model": "auth.permission", - "pk": 167, - "fields": { - "name": "Can delete cwe", - "content_type": 42, - "codename": "delete_cwe" - } -}, -{ - "model": "auth.permission", - "pk": 168, - "fields": { - "name": "Can view cwe", - "content_type": 42, - "codename": "view_cwe" - } -}, -{ - "model": "auth.permission", - "pk": 169, - "fields": { - "name": "Can add endpoint_ params", - "content_type": 43, - "codename": "add_endpoint_params" - } -}, -{ - "model": "auth.permission", - "pk": 170, - "fields": { - "name": "Can change endpoint_ params", - "content_type": 43, - "codename": "change_endpoint_params" - } -}, -{ - "model": "auth.permission", - "pk": 171, - "fields": { - "name": "Can delete endpoint_ params", - "content_type": 43, - "codename": "delete_endpoint_params" - } -}, -{ - "model": "auth.permission", - "pk": 172, - "fields": { - "name": "Can view endpoint_ params", - "content_type": 43, - "codename": "view_endpoint_params" - } -}, -{ - "model": "auth.permission", - "pk": 173, - "fields": { - "name": "Can add endpoint_ status", - "content_type": 44, - "codename": "add_endpoint_status" - } -}, -{ - "model": "auth.permission", - "pk": 174, - "fields": { - "name": "Can change endpoint_ status", - "content_type": 44, - "codename": 
"change_endpoint_status" - } -}, -{ - "model": "auth.permission", - "pk": 175, - "fields": { - "name": "Can delete endpoint_ status", - "content_type": 44, - "codename": "delete_endpoint_status" - } -}, -{ - "model": "auth.permission", - "pk": 176, - "fields": { - "name": "Can view endpoint_ status", - "content_type": 44, - "codename": "view_endpoint_status" - } -}, -{ - "model": "auth.permission", - "pk": 177, - "fields": { - "name": "Can add endpoint tags", - "content_type": 45, - "codename": "add_tagulous_endpoint_tags" - } -}, -{ - "model": "auth.permission", - "pk": 178, - "fields": { - "name": "Can change endpoint tags", - "content_type": 45, - "codename": "change_tagulous_endpoint_tags" - } -}, -{ - "model": "auth.permission", - "pk": 179, - "fields": { - "name": "Can delete endpoint tags", - "content_type": 45, - "codename": "delete_tagulous_endpoint_tags" - } -}, -{ - "model": "auth.permission", - "pk": 180, - "fields": { - "name": "Can view endpoint tags", - "content_type": 45, - "codename": "view_tagulous_endpoint_tags" - } -}, -{ - "model": "auth.permission", - "pk": 181, - "fields": { - "name": "Can add endpoint inherited_tags", - "content_type": 46, - "codename": "add_tagulous_endpoint_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 182, - "fields": { - "name": "Can change endpoint inherited_tags", - "content_type": 46, - "codename": "change_tagulous_endpoint_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 183, - "fields": { - "name": "Can delete endpoint inherited_tags", - "content_type": 46, - "codename": "delete_tagulous_endpoint_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 184, - "fields": { - "name": "Can view endpoint inherited_tags", - "content_type": 46, - "codename": "view_tagulous_endpoint_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 185, - "fields": { - "name": "Can add endpoint", - "content_type": 47, - "codename": "add_endpoint" - } -}, -{ - "model": 
"auth.permission", - "pk": 186, - "fields": { - "name": "Can change endpoint", - "content_type": 47, - "codename": "change_endpoint" - } -}, -{ - "model": "auth.permission", - "pk": 187, - "fields": { - "name": "Can delete endpoint", - "content_type": 47, - "codename": "delete_endpoint" - } -}, -{ - "model": "auth.permission", - "pk": 188, - "fields": { - "name": "Can view endpoint", - "content_type": 47, - "codename": "view_endpoint" - } -}, -{ - "model": "auth.permission", - "pk": 189, - "fields": { - "name": "Can add development_ environment", - "content_type": 48, - "codename": "add_development_environment" - } -}, -{ - "model": "auth.permission", - "pk": 190, - "fields": { - "name": "Can change development_ environment", - "content_type": 48, - "codename": "change_development_environment" - } -}, -{ - "model": "auth.permission", - "pk": 191, - "fields": { - "name": "Can delete development_ environment", - "content_type": 48, - "codename": "delete_development_environment" - } -}, -{ - "model": "auth.permission", - "pk": 192, - "fields": { - "name": "Can view development_ environment", - "content_type": 48, - "codename": "view_development_environment" - } -}, -{ - "model": "auth.permission", - "pk": 193, - "fields": { - "name": "Can add sonarqube_ issue", - "content_type": 49, - "codename": "add_sonarqube_issue" - } -}, -{ - "model": "auth.permission", - "pk": 194, - "fields": { - "name": "Can change sonarqube_ issue", - "content_type": 49, - "codename": "change_sonarqube_issue" - } -}, -{ - "model": "auth.permission", - "pk": 195, - "fields": { - "name": "Can delete sonarqube_ issue", - "content_type": 49, - "codename": "delete_sonarqube_issue" - } -}, -{ - "model": "auth.permission", - "pk": 196, - "fields": { - "name": "Can view sonarqube_ issue", - "content_type": 49, - "codename": "view_sonarqube_issue" - } -}, -{ - "model": "auth.permission", - "pk": 197, - "fields": { - "name": "Can add sonarqube_ issue_ transition", - "content_type": 50, - "codename": 
"add_sonarqube_issue_transition" - } -}, -{ - "model": "auth.permission", - "pk": 198, - "fields": { - "name": "Can change sonarqube_ issue_ transition", - "content_type": 50, - "codename": "change_sonarqube_issue_transition" - } -}, -{ - "model": "auth.permission", - "pk": 199, - "fields": { - "name": "Can delete sonarqube_ issue_ transition", - "content_type": 50, - "codename": "delete_sonarqube_issue_transition" - } -}, -{ - "model": "auth.permission", - "pk": 200, - "fields": { - "name": "Can view sonarqube_ issue_ transition", - "content_type": 50, - "codename": "view_sonarqube_issue_transition" - } -}, -{ - "model": "auth.permission", - "pk": 201, - "fields": { - "name": "Can add test tags", - "content_type": 51, - "codename": "add_tagulous_test_tags" - } -}, -{ - "model": "auth.permission", - "pk": 202, - "fields": { - "name": "Can change test tags", - "content_type": 51, - "codename": "change_tagulous_test_tags" - } -}, -{ - "model": "auth.permission", - "pk": 203, - "fields": { - "name": "Can delete test tags", - "content_type": 51, - "codename": "delete_tagulous_test_tags" - } -}, -{ - "model": "auth.permission", - "pk": 204, - "fields": { - "name": "Can view test tags", - "content_type": 51, - "codename": "view_tagulous_test_tags" - } -}, -{ - "model": "auth.permission", - "pk": 205, - "fields": { - "name": "Can add test inherited_tags", - "content_type": 52, - "codename": "add_tagulous_test_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 206, - "fields": { - "name": "Can change test inherited_tags", - "content_type": 52, - "codename": "change_tagulous_test_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 207, - "fields": { - "name": "Can delete test inherited_tags", - "content_type": 52, - "codename": "delete_tagulous_test_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 208, - "fields": { - "name": "Can view test inherited_tags", - "content_type": 52, - "codename": "view_tagulous_test_inherited_tags" - } 
-}, -{ - "model": "auth.permission", - "pk": 209, - "fields": { - "name": "Can add test", - "content_type": 53, - "codename": "add_test" - } -}, -{ - "model": "auth.permission", - "pk": 210, - "fields": { - "name": "Can change test", - "content_type": 53, - "codename": "change_test" - } -}, -{ - "model": "auth.permission", - "pk": 211, - "fields": { - "name": "Can delete test", - "content_type": 53, - "codename": "delete_test" - } -}, -{ - "model": "auth.permission", - "pk": 212, - "fields": { - "name": "Can view test", - "content_type": 53, - "codename": "view_test" - } -}, -{ - "model": "auth.permission", - "pk": 213, - "fields": { - "name": "Can add test_ import", - "content_type": 54, - "codename": "add_test_import" - } -}, -{ - "model": "auth.permission", - "pk": 214, - "fields": { - "name": "Can change test_ import", - "content_type": 54, - "codename": "change_test_import" - } -}, -{ - "model": "auth.permission", - "pk": 215, - "fields": { - "name": "Can delete test_ import", - "content_type": 54, - "codename": "delete_test_import" - } -}, -{ - "model": "auth.permission", - "pk": 216, - "fields": { - "name": "Can view test_ import", - "content_type": 54, - "codename": "view_test_import" - } -}, -{ - "model": "auth.permission", - "pk": 217, - "fields": { - "name": "Can add test_ import_ finding_ action", - "content_type": 55, - "codename": "add_test_import_finding_action" - } -}, -{ - "model": "auth.permission", - "pk": 218, - "fields": { - "name": "Can change test_ import_ finding_ action", - "content_type": 55, - "codename": "change_test_import_finding_action" - } -}, -{ - "model": "auth.permission", - "pk": 219, - "fields": { - "name": "Can delete test_ import_ finding_ action", - "content_type": 55, - "codename": "delete_test_import_finding_action" - } -}, -{ - "model": "auth.permission", - "pk": 220, - "fields": { - "name": "Can view test_ import_ finding_ action", - "content_type": 55, - "codename": "view_test_import_finding_action" - } -}, -{ - "model": 
"auth.permission", - "pk": 221, - "fields": { - "name": "Can add finding tags", - "content_type": 56, - "codename": "add_tagulous_finding_tags" - } -}, -{ - "model": "auth.permission", - "pk": 222, - "fields": { - "name": "Can change finding tags", - "content_type": 56, - "codename": "change_tagulous_finding_tags" - } -}, -{ - "model": "auth.permission", - "pk": 223, - "fields": { - "name": "Can delete finding tags", - "content_type": 56, - "codename": "delete_tagulous_finding_tags" - } -}, -{ - "model": "auth.permission", - "pk": 224, - "fields": { - "name": "Can view finding tags", - "content_type": 56, - "codename": "view_tagulous_finding_tags" - } -}, -{ - "model": "auth.permission", - "pk": 225, - "fields": { - "name": "Can add finding inherited_tags", - "content_type": 57, - "codename": "add_tagulous_finding_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 226, - "fields": { - "name": "Can change finding inherited_tags", - "content_type": 57, - "codename": "change_tagulous_finding_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 227, - "fields": { - "name": "Can delete finding inherited_tags", - "content_type": 57, - "codename": "delete_tagulous_finding_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 228, - "fields": { - "name": "Can view finding inherited_tags", - "content_type": 57, - "codename": "view_tagulous_finding_inherited_tags" - } -}, -{ - "model": "auth.permission", - "pk": 229, - "fields": { - "name": "Can add finding", - "content_type": 58, - "codename": "add_finding" - } -}, -{ - "model": "auth.permission", - "pk": 230, - "fields": { - "name": "Can change finding", - "content_type": 58, - "codename": "change_finding" - } -}, -{ - "model": "auth.permission", - "pk": 231, - "fields": { - "name": "Can delete finding", - "content_type": 58, - "codename": "delete_finding" - } -}, -{ - "model": "auth.permission", - "pk": 232, - "fields": { - "name": "Can view finding", - "content_type": 58, - 
"codename": "view_finding" - } -}, -{ - "model": "auth.permission", - "pk": 233, - "fields": { - "name": "Can add vulnerability_ id", - "content_type": 59, - "codename": "add_vulnerability_id" - } -}, -{ - "model": "auth.permission", - "pk": 234, - "fields": { - "name": "Can change vulnerability_ id", - "content_type": 59, - "codename": "change_vulnerability_id" - } -}, -{ - "model": "auth.permission", - "pk": 235, - "fields": { - "name": "Can delete vulnerability_ id", - "content_type": 59, - "codename": "delete_vulnerability_id" - } -}, -{ - "model": "auth.permission", - "pk": 236, - "fields": { - "name": "Can view vulnerability_ id", - "content_type": 59, - "codename": "view_vulnerability_id" - } -}, -{ - "model": "auth.permission", - "pk": 237, - "fields": { - "name": "Can add stub_ finding", - "content_type": 60, - "codename": "add_stub_finding" - } -}, -{ - "model": "auth.permission", - "pk": 238, - "fields": { - "name": "Can change stub_ finding", - "content_type": 60, - "codename": "change_stub_finding" - } -}, -{ - "model": "auth.permission", - "pk": 239, - "fields": { - "name": "Can delete stub_ finding", - "content_type": 60, - "codename": "delete_stub_finding" - } -}, -{ - "model": "auth.permission", - "pk": 240, - "fields": { - "name": "Can view stub_ finding", - "content_type": 60, - "codename": "view_stub_finding" - } -}, -{ - "model": "auth.permission", - "pk": 241, - "fields": { - "name": "Can add finding_ group", - "content_type": 61, - "codename": "add_finding_group" - } -}, -{ - "model": "auth.permission", - "pk": 242, - "fields": { - "name": "Can change finding_ group", - "content_type": 61, - "codename": "change_finding_group" - } -}, -{ - "model": "auth.permission", - "pk": 243, - "fields": { - "name": "Can delete finding_ group", - "content_type": 61, - "codename": "delete_finding_group" - } -}, -{ - "model": "auth.permission", - "pk": 244, - "fields": { - "name": "Can view finding_ group", - "content_type": 61, - "codename": 
"view_finding_group" - } -}, -{ - "model": "auth.permission", - "pk": 245, - "fields": { - "name": "Can add finding_ template tags", - "content_type": 62, - "codename": "add_tagulous_finding_template_tags" - } -}, -{ - "model": "auth.permission", - "pk": 246, - "fields": { - "name": "Can change finding_ template tags", - "content_type": 62, - "codename": "change_tagulous_finding_template_tags" - } -}, -{ - "model": "auth.permission", - "pk": 247, - "fields": { - "name": "Can delete finding_ template tags", - "content_type": 62, - "codename": "delete_tagulous_finding_template_tags" - } -}, -{ - "model": "auth.permission", - "pk": 248, - "fields": { - "name": "Can view finding_ template tags", - "content_type": 62, - "codename": "view_tagulous_finding_template_tags" - } -}, -{ - "model": "auth.permission", - "pk": 249, - "fields": { - "name": "Can add finding_ template", - "content_type": 63, - "codename": "add_finding_template" - } -}, -{ - "model": "auth.permission", - "pk": 250, - "fields": { - "name": "Can change finding_ template", - "content_type": 63, - "codename": "change_finding_template" - } -}, -{ - "model": "auth.permission", - "pk": 251, - "fields": { - "name": "Can delete finding_ template", - "content_type": 63, - "codename": "delete_finding_template" - } -}, -{ - "model": "auth.permission", - "pk": 252, - "fields": { - "name": "Can view finding_ template", - "content_type": 63, - "codename": "view_finding_template" - } -}, -{ - "model": "auth.permission", - "pk": 253, - "fields": { - "name": "Can add vulnerability_ id_ template", - "content_type": 64, - "codename": "add_vulnerability_id_template" - } -}, -{ - "model": "auth.permission", - "pk": 254, - "fields": { - "name": "Can change vulnerability_ id_ template", - "content_type": 64, - "codename": "change_vulnerability_id_template" - } -}, -{ - "model": "auth.permission", - "pk": 255, - "fields": { - "name": "Can delete vulnerability_ id_ template", - "content_type": 64, - "codename": 
"delete_vulnerability_id_template" - } -}, -{ - "model": "auth.permission", - "pk": 256, - "fields": { - "name": "Can view vulnerability_ id_ template", - "content_type": 64, - "codename": "view_vulnerability_id_template" - } -}, -{ - "model": "auth.permission", - "pk": 257, - "fields": { - "name": "Can add check_ list", - "content_type": 65, - "codename": "add_check_list" - } -}, -{ - "model": "auth.permission", - "pk": 258, - "fields": { - "name": "Can change check_ list", - "content_type": 65, - "codename": "change_check_list" - } -}, -{ - "model": "auth.permission", - "pk": 259, - "fields": { - "name": "Can delete check_ list", - "content_type": 65, - "codename": "delete_check_list" - } -}, -{ - "model": "auth.permission", - "pk": 260, - "fields": { - "name": "Can view check_ list", - "content_type": 65, - "codename": "view_check_list" - } -}, -{ - "model": "auth.permission", - "pk": 261, - "fields": { - "name": "Can add burp raw request response", - "content_type": 66, - "codename": "add_burprawrequestresponse" - } -}, -{ - "model": "auth.permission", - "pk": 262, - "fields": { - "name": "Can change burp raw request response", - "content_type": 66, - "codename": "change_burprawrequestresponse" - } -}, -{ - "model": "auth.permission", - "pk": 263, - "fields": { - "name": "Can delete burp raw request response", - "content_type": 66, - "codename": "delete_burprawrequestresponse" - } -}, -{ - "model": "auth.permission", - "pk": 264, - "fields": { - "name": "Can view burp raw request response", - "content_type": 66, - "codename": "view_burprawrequestresponse" - } -}, -{ - "model": "auth.permission", - "pk": 265, - "fields": { - "name": "Can add risk_ acceptance", - "content_type": 67, - "codename": "add_risk_acceptance" - } -}, -{ - "model": "auth.permission", - "pk": 266, - "fields": { - "name": "Can change risk_ acceptance", - "content_type": 67, - "codename": "change_risk_acceptance" - } -}, -{ - "model": "auth.permission", - "pk": 267, - "fields": { - "name": 
"Can delete risk_ acceptance", - "content_type": 67, - "codename": "delete_risk_acceptance" - } -}, -{ - "model": "auth.permission", - "pk": 268, - "fields": { - "name": "Can view risk_ acceptance", - "content_type": 67, - "codename": "view_risk_acceptance" - } -}, -{ - "model": "auth.permission", - "pk": 269, - "fields": { - "name": "Can add file access token", - "content_type": 68, - "codename": "add_fileaccesstoken" - } -}, -{ - "model": "auth.permission", - "pk": 270, - "fields": { - "name": "Can change file access token", - "content_type": 68, - "codename": "change_fileaccesstoken" - } -}, -{ - "model": "auth.permission", - "pk": 271, - "fields": { - "name": "Can delete file access token", - "content_type": 68, - "codename": "delete_fileaccesstoken" - } -}, -{ - "model": "auth.permission", - "pk": 272, - "fields": { - "name": "Can view file access token", - "content_type": 68, - "codename": "view_fileaccesstoken" - } -}, -{ - "model": "auth.permission", - "pk": 273, - "fields": { - "name": "Can add announcement", - "content_type": 69, - "codename": "add_announcement" - } -}, -{ - "model": "auth.permission", - "pk": 274, - "fields": { - "name": "Can change announcement", - "content_type": 69, - "codename": "change_announcement" - } -}, -{ - "model": "auth.permission", - "pk": 275, - "fields": { - "name": "Can delete announcement", - "content_type": 69, - "codename": "delete_announcement" - } -}, -{ - "model": "auth.permission", - "pk": 276, - "fields": { - "name": "Can view announcement", - "content_type": 69, - "codename": "view_announcement" - } -}, -{ - "model": "auth.permission", - "pk": 277, - "fields": { - "name": "Can add user announcement", - "content_type": 70, - "codename": "add_userannouncement" - } -}, -{ - "model": "auth.permission", - "pk": 278, - "fields": { - "name": "Can change user announcement", - "content_type": 70, - "codename": "change_userannouncement" - } -}, -{ - "model": "auth.permission", - "pk": 279, - "fields": { - "name": "Can 
delete user announcement", - "content_type": 70, - "codename": "delete_userannouncement" - } -}, -{ - "model": "auth.permission", - "pk": 280, - "fields": { - "name": "Can view user announcement", - "content_type": 70, - "codename": "view_userannouncement" - } -}, -{ - "model": "auth.permission", - "pk": 281, - "fields": { - "name": "Can add banner conf", - "content_type": 71, - "codename": "add_bannerconf" - } -}, -{ - "model": "auth.permission", - "pk": 282, - "fields": { - "name": "Can change banner conf", - "content_type": 71, - "codename": "change_bannerconf" - } -}, -{ - "model": "auth.permission", - "pk": 283, - "fields": { - "name": "Can delete banner conf", - "content_type": 71, - "codename": "delete_bannerconf" - } -}, -{ - "model": "auth.permission", - "pk": 284, - "fields": { - "name": "Can view banner conf", - "content_type": 71, - "codename": "view_bannerconf" - } -}, -{ - "model": "auth.permission", - "pk": 285, - "fields": { - "name": "Can add githu b_ conf", - "content_type": 72, - "codename": "add_github_conf" - } -}, -{ - "model": "auth.permission", - "pk": 286, - "fields": { - "name": "Can change githu b_ conf", - "content_type": 72, - "codename": "change_github_conf" - } -}, -{ - "model": "auth.permission", - "pk": 287, - "fields": { - "name": "Can delete githu b_ conf", - "content_type": 72, - "codename": "delete_github_conf" - } -}, -{ - "model": "auth.permission", - "pk": 288, - "fields": { - "name": "Can view githu b_ conf", - "content_type": 72, - "codename": "view_github_conf" - } -}, -{ - "model": "auth.permission", - "pk": 289, - "fields": { - "name": "Can add githu b_ issue", - "content_type": 73, - "codename": "add_github_issue" - } -}, -{ - "model": "auth.permission", - "pk": 290, - "fields": { - "name": "Can change githu b_ issue", - "content_type": 73, - "codename": "change_github_issue" - } -}, -{ - "model": "auth.permission", - "pk": 291, - "fields": { - "name": "Can delete githu b_ issue", - "content_type": 73, - "codename": 
"delete_github_issue" - } -}, -{ - "model": "auth.permission", - "pk": 292, - "fields": { - "name": "Can view githu b_ issue", - "content_type": 73, - "codename": "view_github_issue" - } -}, -{ - "model": "auth.permission", - "pk": 293, - "fields": { - "name": "Can add githu b_ clone", - "content_type": 74, - "codename": "add_github_clone" - } -}, -{ - "model": "auth.permission", - "pk": 294, - "fields": { - "name": "Can change githu b_ clone", - "content_type": 74, - "codename": "change_github_clone" - } -}, -{ - "model": "auth.permission", - "pk": 295, - "fields": { - "name": "Can delete githu b_ clone", - "content_type": 74, - "codename": "delete_github_clone" - } -}, -{ - "model": "auth.permission", - "pk": 296, - "fields": { - "name": "Can view githu b_ clone", - "content_type": 74, - "codename": "view_github_clone" - } -}, -{ - "model": "auth.permission", - "pk": 297, - "fields": { - "name": "Can add githu b_ details_ cache", - "content_type": 75, - "codename": "add_github_details_cache" - } -}, -{ - "model": "auth.permission", - "pk": 298, - "fields": { - "name": "Can change githu b_ details_ cache", - "content_type": 75, - "codename": "change_github_details_cache" - } -}, -{ - "model": "auth.permission", - "pk": 299, - "fields": { - "name": "Can delete githu b_ details_ cache", - "content_type": 75, - "codename": "delete_github_details_cache" - } -}, -{ - "model": "auth.permission", - "pk": 300, - "fields": { - "name": "Can view githu b_ details_ cache", - "content_type": 75, - "codename": "view_github_details_cache" - } -}, -{ - "model": "auth.permission", - "pk": 301, - "fields": { - "name": "Can add githu b_p key", - "content_type": 76, - "codename": "add_github_pkey" - } -}, -{ - "model": "auth.permission", - "pk": 302, - "fields": { - "name": "Can change githu b_p key", - "content_type": 76, - "codename": "change_github_pkey" - } -}, -{ - "model": "auth.permission", - "pk": 303, - "fields": { - "name": "Can delete githu b_p key", - "content_type": 76, 
- "codename": "delete_github_pkey" - } -}, -{ - "model": "auth.permission", - "pk": 304, - "fields": { - "name": "Can view githu b_p key", - "content_type": 76, - "codename": "view_github_pkey" - } -}, -{ - "model": "auth.permission", - "pk": 305, - "fields": { - "name": "Can add jir a_ instance", - "content_type": 77, - "codename": "add_jira_instance" - } -}, -{ - "model": "auth.permission", - "pk": 306, - "fields": { - "name": "Can change jir a_ instance", - "content_type": 77, - "codename": "change_jira_instance" - } -}, -{ - "model": "auth.permission", - "pk": 307, - "fields": { - "name": "Can delete jir a_ instance", - "content_type": 77, - "codename": "delete_jira_instance" - } -}, -{ - "model": "auth.permission", - "pk": 308, - "fields": { - "name": "Can view jir a_ instance", - "content_type": 77, - "codename": "view_jira_instance" - } -}, -{ - "model": "auth.permission", - "pk": 309, - "fields": { - "name": "Can add jir a_ project", - "content_type": 78, - "codename": "add_jira_project" - } -}, -{ - "model": "auth.permission", - "pk": 310, - "fields": { - "name": "Can change jir a_ project", - "content_type": 78, - "codename": "change_jira_project" - } -}, -{ - "model": "auth.permission", - "pk": 311, - "fields": { - "name": "Can delete jir a_ project", - "content_type": 78, - "codename": "delete_jira_project" - } -}, -{ - "model": "auth.permission", - "pk": 312, - "fields": { - "name": "Can view jir a_ project", - "content_type": 78, - "codename": "view_jira_project" - } -}, -{ - "model": "auth.permission", - "pk": 313, - "fields": { - "name": "Can add jir a_ issue", - "content_type": 79, - "codename": "add_jira_issue" - } -}, -{ - "model": "auth.permission", - "pk": 314, - "fields": { - "name": "Can change jir a_ issue", - "content_type": 79, - "codename": "change_jira_issue" - } -}, -{ - "model": "auth.permission", - "pk": 315, - "fields": { - "name": "Can delete jir a_ issue", - "content_type": 79, - "codename": "delete_jira_issue" - } -}, -{ - 
"model": "auth.permission", - "pk": 316, - "fields": { - "name": "Can view jir a_ issue", - "content_type": 79, - "codename": "view_jira_issue" - } -}, -{ - "model": "auth.permission", - "pk": 317, - "fields": { - "name": "Can add notifications", - "content_type": 80, - "codename": "add_notifications" - } -}, -{ - "model": "auth.permission", - "pk": 318, - "fields": { - "name": "Can change notifications", - "content_type": 80, - "codename": "change_notifications" - } -}, -{ - "model": "auth.permission", - "pk": 319, - "fields": { - "name": "Can delete notifications", - "content_type": 80, - "codename": "delete_notifications" - } -}, -{ - "model": "auth.permission", - "pk": 320, - "fields": { - "name": "Can view notifications", - "content_type": 80, - "codename": "view_notifications" - } -}, -{ - "model": "auth.permission", - "pk": 321, - "fields": { - "name": "Can add notification_ webhooks", - "content_type": 81, - "codename": "add_notification_webhooks" - } -}, -{ - "model": "auth.permission", - "pk": 322, - "fields": { - "name": "Can change notification_ webhooks", - "content_type": 81, - "codename": "change_notification_webhooks" - } -}, -{ - "model": "auth.permission", - "pk": 323, - "fields": { - "name": "Can delete notification_ webhooks", - "content_type": 81, - "codename": "delete_notification_webhooks" - } -}, -{ - "model": "auth.permission", - "pk": 324, - "fields": { - "name": "Can view notification_ webhooks", - "content_type": 81, - "codename": "view_notification_webhooks" - } -}, -{ - "model": "auth.permission", - "pk": 325, - "fields": { - "name": "Can add tool_ product_ settings", - "content_type": 82, - "codename": "add_tool_product_settings" - } -}, -{ - "model": "auth.permission", - "pk": 326, - "fields": { - "name": "Can change tool_ product_ settings", - "content_type": 82, - "codename": "change_tool_product_settings" - } -}, -{ - "model": "auth.permission", - "pk": 327, - "fields": { - "name": "Can delete tool_ product_ settings", - 
"content_type": 82, - "codename": "delete_tool_product_settings" - } -}, -{ - "model": "auth.permission", - "pk": 328, - "fields": { - "name": "Can view tool_ product_ settings", - "content_type": 82, - "codename": "view_tool_product_settings" - } -}, -{ - "model": "auth.permission", - "pk": 329, - "fields": { - "name": "Can add tool_ product_ history", - "content_type": 83, - "codename": "add_tool_product_history" - } -}, -{ - "model": "auth.permission", - "pk": 330, - "fields": { - "name": "Can change tool_ product_ history", - "content_type": 83, - "codename": "change_tool_product_history" - } -}, -{ - "model": "auth.permission", - "pk": 331, - "fields": { - "name": "Can delete tool_ product_ history", - "content_type": 83, - "codename": "delete_tool_product_history" - } -}, -{ - "model": "auth.permission", - "pk": 332, - "fields": { - "name": "Can view tool_ product_ history", - "content_type": 83, - "codename": "view_tool_product_history" - } -}, -{ - "model": "auth.permission", - "pk": 333, - "fields": { - "name": "Can add alerts", - "content_type": 84, - "codename": "add_alerts" - } -}, -{ - "model": "auth.permission", - "pk": 334, - "fields": { - "name": "Can change alerts", - "content_type": 84, - "codename": "change_alerts" - } -}, -{ - "model": "auth.permission", - "pk": 335, - "fields": { - "name": "Can delete alerts", - "content_type": 84, - "codename": "delete_alerts" - } -}, -{ - "model": "auth.permission", - "pk": 336, - "fields": { - "name": "Can view alerts", - "content_type": 84, - "codename": "view_alerts" - } -}, -{ - "model": "auth.permission", - "pk": 337, - "fields": { - "name": "Can add cred_ user", - "content_type": 85, - "codename": "add_cred_user" - } -}, -{ - "model": "auth.permission", - "pk": 338, - "fields": { - "name": "Can change cred_ user", - "content_type": 85, - "codename": "change_cred_user" - } -}, -{ - "model": "auth.permission", - "pk": 339, - "fields": { - "name": "Can delete cred_ user", - "content_type": 85, - 
"codename": "delete_cred_user" - } -}, -{ - "model": "auth.permission", - "pk": 340, - "fields": { - "name": "Can view cred_ user", - "content_type": 85, - "codename": "view_cred_user" - } -}, -{ - "model": "auth.permission", - "pk": 341, - "fields": { - "name": "Can add cred_ mapping", - "content_type": 86, - "codename": "add_cred_mapping" - } -}, -{ - "model": "auth.permission", - "pk": 342, - "fields": { - "name": "Can change cred_ mapping", - "content_type": 86, - "codename": "change_cred_mapping" - } -}, -{ - "model": "auth.permission", - "pk": 343, - "fields": { - "name": "Can delete cred_ mapping", - "content_type": 86, - "codename": "delete_cred_mapping" - } -}, -{ - "model": "auth.permission", - "pk": 344, - "fields": { - "name": "Can view cred_ mapping", - "content_type": 86, - "codename": "view_cred_mapping" - } -}, -{ - "model": "auth.permission", - "pk": 345, - "fields": { - "name": "Can add language_ type", - "content_type": 87, - "codename": "add_language_type" - } -}, -{ - "model": "auth.permission", - "pk": 346, - "fields": { - "name": "Can change language_ type", - "content_type": 87, - "codename": "change_language_type" - } -}, -{ - "model": "auth.permission", - "pk": 347, - "fields": { - "name": "Can delete language_ type", - "content_type": 87, - "codename": "delete_language_type" - } -}, -{ - "model": "auth.permission", - "pk": 348, - "fields": { - "name": "Can view language_ type", - "content_type": 87, - "codename": "view_language_type" - } -}, -{ - "model": "auth.permission", - "pk": 349, - "fields": { - "name": "Can add languages", - "content_type": 88, - "codename": "add_languages" - } -}, -{ - "model": "auth.permission", - "pk": 350, - "fields": { - "name": "Can change languages", - "content_type": 88, - "codename": "change_languages" - } -}, -{ - "model": "auth.permission", - "pk": 351, - "fields": { - "name": "Can delete languages", - "content_type": 88, - "codename": "delete_languages" - } -}, -{ - "model": "auth.permission", - "pk": 
352, - "fields": { - "name": "Can view languages", - "content_type": 88, - "codename": "view_languages" - } -}, -{ - "model": "auth.permission", - "pk": 353, - "fields": { - "name": "Can add app_ analysis tags", - "content_type": 89, - "codename": "add_tagulous_app_analysis_tags" - } -}, -{ - "model": "auth.permission", - "pk": 354, - "fields": { - "name": "Can change app_ analysis tags", - "content_type": 89, - "codename": "change_tagulous_app_analysis_tags" - } -}, -{ - "model": "auth.permission", - "pk": 355, - "fields": { - "name": "Can delete app_ analysis tags", - "content_type": 89, - "codename": "delete_tagulous_app_analysis_tags" - } -}, -{ - "model": "auth.permission", - "pk": 356, - "fields": { - "name": "Can view app_ analysis tags", - "content_type": 89, - "codename": "view_tagulous_app_analysis_tags" - } -}, -{ - "model": "auth.permission", - "pk": 357, - "fields": { - "name": "Can add app_ analysis", - "content_type": 90, - "codename": "add_app_analysis" - } -}, -{ - "model": "auth.permission", - "pk": 358, - "fields": { - "name": "Can change app_ analysis", - "content_type": 90, - "codename": "change_app_analysis" - } -}, -{ - "model": "auth.permission", - "pk": 359, - "fields": { - "name": "Can delete app_ analysis", - "content_type": 90, - "codename": "delete_app_analysis" - } -}, -{ - "model": "auth.permission", - "pk": 360, - "fields": { - "name": "Can view app_ analysis", - "content_type": 90, - "codename": "view_app_analysis" - } -}, -{ - "model": "auth.permission", - "pk": 361, - "fields": { - "name": "Can add objects_ review", - "content_type": 91, - "codename": "add_objects_review" - } -}, -{ - "model": "auth.permission", - "pk": 362, - "fields": { - "name": "Can change objects_ review", - "content_type": 91, - "codename": "change_objects_review" - } -}, -{ - "model": "auth.permission", - "pk": 363, - "fields": { - "name": "Can delete objects_ review", - "content_type": 91, - "codename": "delete_objects_review" - } -}, -{ - "model": 
"auth.permission", - "pk": 364, - "fields": { - "name": "Can view objects_ review", - "content_type": 91, - "codename": "view_objects_review" - } -}, -{ - "model": "auth.permission", - "pk": 365, - "fields": { - "name": "Can add objects_ product tags", - "content_type": 92, - "codename": "add_tagulous_objects_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 366, - "fields": { - "name": "Can change objects_ product tags", - "content_type": 92, - "codename": "change_tagulous_objects_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 367, - "fields": { - "name": "Can delete objects_ product tags", - "content_type": 92, - "codename": "delete_tagulous_objects_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 368, - "fields": { - "name": "Can view objects_ product tags", - "content_type": 92, - "codename": "view_tagulous_objects_product_tags" - } -}, -{ - "model": "auth.permission", - "pk": 369, - "fields": { - "name": "Can add objects_ product", - "content_type": 93, - "codename": "add_objects_product" - } -}, -{ - "model": "auth.permission", - "pk": 370, - "fields": { - "name": "Can change objects_ product", - "content_type": 93, - "codename": "change_objects_product" - } -}, -{ - "model": "auth.permission", - "pk": 371, - "fields": { - "name": "Can delete objects_ product", - "content_type": 93, - "codename": "delete_objects_product" - } -}, -{ - "model": "auth.permission", - "pk": 372, - "fields": { - "name": "Can view objects_ product", - "content_type": 93, - "codename": "view_objects_product" - } -}, -{ - "model": "auth.permission", - "pk": 373, - "fields": { - "name": "Can add testing_ guide_ category", - "content_type": 94, - "codename": "add_testing_guide_category" - } -}, -{ - "model": "auth.permission", - "pk": 374, - "fields": { - "name": "Can change testing_ guide_ category", - "content_type": 94, - "codename": "change_testing_guide_category" - } -}, -{ - "model": "auth.permission", - "pk": 375, - "fields": { - "name": 
"Can delete testing_ guide_ category", - "content_type": 94, - "codename": "delete_testing_guide_category" - } -}, -{ - "model": "auth.permission", - "pk": 376, - "fields": { - "name": "Can view testing_ guide_ category", - "content_type": 94, - "codename": "view_testing_guide_category" - } -}, -{ - "model": "auth.permission", - "pk": 377, - "fields": { - "name": "Can add testing_ guide", - "content_type": 95, - "codename": "add_testing_guide" - } -}, -{ - "model": "auth.permission", - "pk": 378, - "fields": { - "name": "Can change testing_ guide", - "content_type": 95, - "codename": "change_testing_guide" - } -}, -{ - "model": "auth.permission", - "pk": 379, - "fields": { - "name": "Can delete testing_ guide", - "content_type": 95, - "codename": "delete_testing_guide" - } -}, -{ - "model": "auth.permission", - "pk": 380, - "fields": { - "name": "Can view testing_ guide", - "content_type": 95, - "codename": "view_testing_guide" - } -}, -{ - "model": "auth.permission", - "pk": 381, - "fields": { - "name": "Can add benchmark_ type", - "content_type": 96, - "codename": "add_benchmark_type" - } -}, -{ - "model": "auth.permission", - "pk": 382, - "fields": { - "name": "Can change benchmark_ type", - "content_type": 96, - "codename": "change_benchmark_type" - } -}, -{ - "model": "auth.permission", - "pk": 383, - "fields": { - "name": "Can delete benchmark_ type", - "content_type": 96, - "codename": "delete_benchmark_type" - } -}, -{ - "model": "auth.permission", - "pk": 384, - "fields": { - "name": "Can view benchmark_ type", - "content_type": 96, - "codename": "view_benchmark_type" - } -}, -{ - "model": "auth.permission", - "pk": 385, - "fields": { - "name": "Can add benchmark_ category", - "content_type": 97, - "codename": "add_benchmark_category" - } -}, -{ - "model": "auth.permission", - "pk": 386, - "fields": { - "name": "Can change benchmark_ category", - "content_type": 97, - "codename": "change_benchmark_category" - } -}, -{ - "model": "auth.permission", - "pk": 
387, - "fields": { - "name": "Can delete benchmark_ category", - "content_type": 97, - "codename": "delete_benchmark_category" - } -}, -{ - "model": "auth.permission", - "pk": 388, - "fields": { - "name": "Can view benchmark_ category", - "content_type": 97, - "codename": "view_benchmark_category" - } -}, -{ - "model": "auth.permission", - "pk": 389, - "fields": { - "name": "Can add benchmark_ requirement", - "content_type": 98, - "codename": "add_benchmark_requirement" - } -}, -{ - "model": "auth.permission", - "pk": 390, - "fields": { - "name": "Can change benchmark_ requirement", - "content_type": 98, - "codename": "change_benchmark_requirement" - } -}, -{ - "model": "auth.permission", - "pk": 391, - "fields": { - "name": "Can delete benchmark_ requirement", - "content_type": 98, - "codename": "delete_benchmark_requirement" - } -}, -{ - "model": "auth.permission", - "pk": 392, - "fields": { - "name": "Can view benchmark_ requirement", - "content_type": 98, - "codename": "view_benchmark_requirement" - } -}, -{ - "model": "auth.permission", - "pk": 393, - "fields": { - "name": "Can add benchmark_ product", - "content_type": 99, - "codename": "add_benchmark_product" - } -}, -{ - "model": "auth.permission", - "pk": 394, - "fields": { - "name": "Can change benchmark_ product", - "content_type": 99, - "codename": "change_benchmark_product" - } -}, -{ - "model": "auth.permission", - "pk": 395, - "fields": { - "name": "Can delete benchmark_ product", - "content_type": 99, - "codename": "delete_benchmark_product" - } -}, -{ - "model": "auth.permission", - "pk": 396, - "fields": { - "name": "Can view benchmark_ product", - "content_type": 99, - "codename": "view_benchmark_product" - } -}, -{ - "model": "auth.permission", - "pk": 397, - "fields": { - "name": "Can add benchmark_ product_ summary", - "content_type": 100, - "codename": "add_benchmark_product_summary" - } -}, -{ - "model": "auth.permission", - "pk": 398, - "fields": { - "name": "Can change benchmark_ product_ 
summary", - "content_type": 100, - "codename": "change_benchmark_product_summary" - } -}, -{ - "model": "auth.permission", - "pk": 399, - "fields": { - "name": "Can delete benchmark_ product_ summary", - "content_type": 100, - "codename": "delete_benchmark_product_summary" - } -}, -{ - "model": "auth.permission", - "pk": 400, - "fields": { - "name": "Can view benchmark_ product_ summary", - "content_type": 100, - "codename": "view_benchmark_product_summary" - } -}, -{ - "model": "auth.permission", - "pk": 401, - "fields": { - "name": "Can add question", - "content_type": 101, - "codename": "add_question" - } -}, -{ - "model": "auth.permission", - "pk": 402, - "fields": { - "name": "Can change question", - "content_type": 101, - "codename": "change_question" - } -}, -{ - "model": "auth.permission", - "pk": 403, - "fields": { - "name": "Can delete question", - "content_type": 101, - "codename": "delete_question" - } -}, -{ - "model": "auth.permission", - "pk": 404, - "fields": { - "name": "Can view question", - "content_type": 101, - "codename": "view_question" - } -}, -{ - "model": "auth.permission", - "pk": 405, - "fields": { - "name": "Can add text question", - "content_type": 102, - "codename": "add_textquestion" - } -}, -{ - "model": "auth.permission", - "pk": 406, - "fields": { - "name": "Can change text question", - "content_type": 102, - "codename": "change_textquestion" - } -}, -{ - "model": "auth.permission", - "pk": 407, - "fields": { - "name": "Can delete text question", - "content_type": 102, - "codename": "delete_textquestion" - } -}, -{ - "model": "auth.permission", - "pk": 408, - "fields": { - "name": "Can view text question", - "content_type": 102, - "codename": "view_textquestion" - } -}, -{ - "model": "auth.permission", - "pk": 409, - "fields": { - "name": "Can add choice", - "content_type": 103, - "codename": "add_choice" - } -}, -{ - "model": "auth.permission", - "pk": 410, - "fields": { - "name": "Can change choice", - "content_type": 103, - 
"codename": "change_choice" - } -}, -{ - "model": "auth.permission", - "pk": 411, - "fields": { - "name": "Can delete choice", - "content_type": 103, - "codename": "delete_choice" - } -}, -{ - "model": "auth.permission", - "pk": 412, - "fields": { - "name": "Can view choice", - "content_type": 103, - "codename": "view_choice" - } -}, -{ - "model": "auth.permission", - "pk": 413, - "fields": { - "name": "Can add choice question", - "content_type": 104, - "codename": "add_choicequestion" - } -}, -{ - "model": "auth.permission", - "pk": 414, - "fields": { - "name": "Can change choice question", - "content_type": 104, - "codename": "change_choicequestion" - } -}, -{ - "model": "auth.permission", - "pk": 415, - "fields": { - "name": "Can delete choice question", - "content_type": 104, - "codename": "delete_choicequestion" - } -}, -{ - "model": "auth.permission", - "pk": 416, - "fields": { - "name": "Can view choice question", - "content_type": 104, - "codename": "view_choicequestion" - } -}, -{ - "model": "auth.permission", - "pk": 417, - "fields": { - "name": "Can add Engagement Survey", - "content_type": 105, - "codename": "add_engagement_survey" - } -}, -{ - "model": "auth.permission", - "pk": 418, - "fields": { - "name": "Can change Engagement Survey", - "content_type": 105, - "codename": "change_engagement_survey" - } -}, -{ - "model": "auth.permission", - "pk": 419, - "fields": { - "name": "Can delete Engagement Survey", - "content_type": 105, - "codename": "delete_engagement_survey" - } -}, -{ - "model": "auth.permission", - "pk": 420, - "fields": { - "name": "Can view Engagement Survey", - "content_type": 105, - "codename": "view_engagement_survey" - } -}, -{ - "model": "auth.permission", - "pk": 421, - "fields": { - "name": "Can add Answered Engagement Survey", - "content_type": 106, - "codename": "add_answered_survey" - } -}, -{ - "model": "auth.permission", - "pk": 422, - "fields": { - "name": "Can change Answered Engagement Survey", - "content_type": 106, - 
"codename": "change_answered_survey" - } -}, -{ - "model": "auth.permission", - "pk": 423, - "fields": { - "name": "Can delete Answered Engagement Survey", - "content_type": 106, - "codename": "delete_answered_survey" - } -}, -{ - "model": "auth.permission", - "pk": 424, - "fields": { - "name": "Can view Answered Engagement Survey", - "content_type": 106, - "codename": "view_answered_survey" - } -}, -{ - "model": "auth.permission", - "pk": 425, - "fields": { - "name": "Can add General Engagement Survey", - "content_type": 107, - "codename": "add_general_survey" - } -}, -{ - "model": "auth.permission", - "pk": 426, - "fields": { - "name": "Can change General Engagement Survey", - "content_type": 107, - "codename": "change_general_survey" - } -}, -{ - "model": "auth.permission", - "pk": 427, - "fields": { - "name": "Can delete General Engagement Survey", - "content_type": 107, - "codename": "delete_general_survey" - } -}, -{ - "model": "auth.permission", - "pk": 428, - "fields": { - "name": "Can view General Engagement Survey", - "content_type": 107, - "codename": "view_general_survey" - } -}, -{ - "model": "auth.permission", - "pk": 429, - "fields": { - "name": "Can add answer", - "content_type": 108, - "codename": "add_answer" - } -}, -{ - "model": "auth.permission", - "pk": 430, - "fields": { - "name": "Can change answer", - "content_type": 108, - "codename": "change_answer" - } -}, -{ - "model": "auth.permission", - "pk": 431, - "fields": { - "name": "Can delete answer", - "content_type": 108, - "codename": "delete_answer" - } -}, -{ - "model": "auth.permission", - "pk": 432, - "fields": { - "name": "Can view answer", - "content_type": 108, - "codename": "view_answer" - } -}, -{ - "model": "auth.permission", - "pk": 433, - "fields": { - "name": "Can add text answer", - "content_type": 109, - "codename": "add_textanswer" - } -}, -{ - "model": "auth.permission", - "pk": 434, - "fields": { - "name": "Can change text answer", - "content_type": 109, - "codename": 
"change_textanswer" - } -}, -{ - "model": "auth.permission", - "pk": 435, - "fields": { - "name": "Can delete text answer", - "content_type": 109, - "codename": "delete_textanswer" - } -}, -{ - "model": "auth.permission", - "pk": 436, - "fields": { - "name": "Can view text answer", - "content_type": 109, - "codename": "view_textanswer" - } -}, -{ - "model": "auth.permission", - "pk": 437, - "fields": { - "name": "Can add choice answer", - "content_type": 110, - "codename": "add_choiceanswer" - } -}, -{ - "model": "auth.permission", - "pk": 438, - "fields": { - "name": "Can change choice answer", - "content_type": 110, - "codename": "change_choiceanswer" - } -}, -{ - "model": "auth.permission", - "pk": 439, - "fields": { - "name": "Can delete choice answer", - "content_type": 110, - "codename": "delete_choiceanswer" - } -}, -{ - "model": "auth.permission", - "pk": 440, - "fields": { - "name": "Can view choice answer", - "content_type": 110, - "codename": "view_choiceanswer" - } -}, -{ - "model": "auth.permission", - "pk": 441, - "fields": { - "name": "Can add search entry", - "content_type": 111, - "codename": "add_searchentry" - } -}, -{ - "model": "auth.permission", - "pk": 442, - "fields": { - "name": "Can change search entry", - "content_type": 111, - "codename": "change_searchentry" - } -}, -{ - "model": "auth.permission", - "pk": 443, - "fields": { - "name": "Can delete search entry", - "content_type": 111, - "codename": "delete_searchentry" - } -}, -{ - "model": "auth.permission", - "pk": 444, - "fields": { - "name": "Can view search entry", - "content_type": 111, - "codename": "view_searchentry" - } -}, -{ - "model": "auth.permission", - "pk": 445, - "fields": { - "name": "Can add tag", - "content_type": 112, - "codename": "add_tag" - } -}, -{ - "model": "auth.permission", - "pk": 446, - "fields": { - "name": "Can change tag", - "content_type": 112, - "codename": "change_tag" - } -}, -{ - "model": "auth.permission", - "pk": 447, - "fields": { - "name": "Can 
delete tag", - "content_type": 112, - "codename": "delete_tag" - } -}, -{ - "model": "auth.permission", - "pk": 448, - "fields": { - "name": "Can view tag", - "content_type": 112, - "codename": "view_tag" - } -}, -{ - "model": "auth.permission", - "pk": 449, - "fields": { - "name": "Can add tagged item", - "content_type": 113, - "codename": "add_taggeditem" - } -}, -{ - "model": "auth.permission", - "pk": 450, - "fields": { - "name": "Can change tagged item", - "content_type": 113, - "codename": "change_taggeditem" - } -}, -{ - "model": "auth.permission", - "pk": 451, - "fields": { - "name": "Can delete tagged item", - "content_type": 113, - "codename": "delete_taggeditem" - } -}, -{ - "model": "auth.permission", - "pk": 452, - "fields": { - "name": "Can view tagged item", - "content_type": 113, - "codename": "view_taggeditem" - } -}, -{ - "model": "auth.permission", - "pk": 453, - "fields": { - "name": "Can add Token", - "content_type": 114, - "codename": "add_token" - } -}, -{ - "model": "auth.permission", - "pk": 454, - "fields": { - "name": "Can change Token", - "content_type": 114, - "codename": "change_token" - } -}, -{ - "model": "auth.permission", - "pk": 455, - "fields": { - "name": "Can delete Token", - "content_type": 114, - "codename": "delete_token" - } -}, -{ - "model": "auth.permission", - "pk": 456, - "fields": { - "name": "Can view Token", - "content_type": 114, - "codename": "view_token" - } -}, -{ - "model": "auth.permission", - "pk": 457, - "fields": { - "name": "Can add Token", - "content_type": 115, - "codename": "add_tokenproxy" - } -}, -{ - "model": "auth.permission", - "pk": 458, - "fields": { - "name": "Can change Token", - "content_type": 115, - "codename": "change_tokenproxy" - } -}, -{ - "model": "auth.permission", - "pk": 459, - "fields": { - "name": "Can delete Token", - "content_type": 115, - "codename": "delete_tokenproxy" - } -}, -{ - "model": "auth.permission", - "pk": 460, - "fields": { - "name": "Can view Token", - 
"content_type": 115, - "codename": "view_tokenproxy" - } -}, -{ - "model": "auth.permission", - "pk": 461, - "fields": { - "name": "Can add task result", - "content_type": 116, - "codename": "add_taskresult" - } -}, -{ - "model": "auth.permission", - "pk": 462, - "fields": { - "name": "Can change task result", - "content_type": 116, - "codename": "change_taskresult" - } -}, -{ - "model": "auth.permission", - "pk": 463, - "fields": { - "name": "Can delete task result", - "content_type": 116, - "codename": "delete_taskresult" - } -}, -{ - "model": "auth.permission", - "pk": 464, - "fields": { - "name": "Can view task result", - "content_type": 116, - "codename": "view_taskresult" - } -}, -{ - "model": "auth.permission", - "pk": 465, - "fields": { - "name": "Can add chord counter", - "content_type": 117, - "codename": "add_chordcounter" - } -}, -{ - "model": "auth.permission", - "pk": 466, - "fields": { - "name": "Can change chord counter", - "content_type": 117, - "codename": "change_chordcounter" - } -}, -{ - "model": "auth.permission", - "pk": 467, - "fields": { - "name": "Can delete chord counter", - "content_type": 117, - "codename": "delete_chordcounter" - } -}, -{ - "model": "auth.permission", - "pk": 468, - "fields": { - "name": "Can view chord counter", - "content_type": 117, - "codename": "view_chordcounter" - } -}, -{ - "model": "auth.permission", - "pk": 469, - "fields": { - "name": "Can add group result", - "content_type": 118, - "codename": "add_groupresult" - } -}, -{ - "model": "auth.permission", - "pk": 470, - "fields": { - "name": "Can change group result", - "content_type": 118, - "codename": "change_groupresult" - } -}, -{ - "model": "auth.permission", - "pk": 471, - "fields": { - "name": "Can delete group result", - "content_type": 118, - "codename": "delete_groupresult" - } -}, -{ - "model": "auth.permission", - "pk": 472, - "fields": { - "name": "Can view group result", - "content_type": 118, - "codename": "view_groupresult" - } -}, -{ - 
"model": "auth.permission", - "pk": 473, - "fields": { - "name": "Can add user social auth", - "content_type": 119, - "codename": "add_usersocialauth" - } -}, -{ - "model": "auth.permission", - "pk": 474, - "fields": { - "name": "Can change user social auth", - "content_type": 119, - "codename": "change_usersocialauth" - } -}, -{ - "model": "auth.permission", - "pk": 475, - "fields": { - "name": "Can delete user social auth", - "content_type": 119, - "codename": "delete_usersocialauth" - } -}, -{ - "model": "auth.permission", - "pk": 476, - "fields": { - "name": "Can view user social auth", - "content_type": 119, - "codename": "view_usersocialauth" - } -}, -{ - "model": "auth.permission", - "pk": 477, - "fields": { - "name": "Can add nonce", - "content_type": 120, - "codename": "add_nonce" - } -}, -{ - "model": "auth.permission", - "pk": 478, - "fields": { - "name": "Can change nonce", - "content_type": 120, - "codename": "change_nonce" - } -}, -{ - "model": "auth.permission", - "pk": 479, - "fields": { - "name": "Can delete nonce", - "content_type": 120, - "codename": "delete_nonce" - } -}, -{ - "model": "auth.permission", - "pk": 480, - "fields": { - "name": "Can view nonce", - "content_type": 120, - "codename": "view_nonce" - } -}, -{ - "model": "auth.permission", - "pk": 481, - "fields": { - "name": "Can add association", - "content_type": 121, - "codename": "add_association" - } -}, -{ - "model": "auth.permission", - "pk": 482, - "fields": { - "name": "Can change association", - "content_type": 121, - "codename": "change_association" - } -}, -{ - "model": "auth.permission", - "pk": 483, - "fields": { - "name": "Can delete association", - "content_type": 121, - "codename": "delete_association" - } -}, -{ - "model": "auth.permission", - "pk": 484, - "fields": { - "name": "Can view association", - "content_type": 121, - "codename": "view_association" - } -}, -{ - "model": "auth.permission", - "pk": 485, - "fields": { - "name": "Can add code", - "content_type": 
122, - "codename": "add_code" - } -}, -{ - "model": "auth.permission", - "pk": 486, - "fields": { - "name": "Can change code", - "content_type": 122, - "codename": "change_code" - } -}, -{ - "model": "auth.permission", - "pk": 487, - "fields": { - "name": "Can delete code", - "content_type": 122, - "codename": "delete_code" - } -}, -{ - "model": "auth.permission", - "pk": 488, - "fields": { - "name": "Can view code", - "content_type": 122, - "codename": "view_code" - } -}, -{ - "model": "auth.permission", - "pk": 489, - "fields": { - "name": "Can add partial", - "content_type": 123, - "codename": "add_partial" - } -}, -{ - "model": "auth.permission", - "pk": 490, - "fields": { - "name": "Can change partial", - "content_type": 123, - "codename": "change_partial" - } -}, -{ - "model": "auth.permission", - "pk": 491, - "fields": { - "name": "Can delete partial", - "content_type": 123, - "codename": "delete_partial" - } -}, -{ - "model": "auth.permission", - "pk": 492, - "fields": { - "name": "Can view partial", - "content_type": 123, - "codename": "view_partial" - } -}, -{ - "model": "auth.user", - "pk": 1, - "fields": { - "password": "argon2$argon2id$v=19$m=102400,t=2,p=8$QWhxVG83MmNUeWJNVkdUVGlWMjA0UQ$/J5hg9oXSu/gzSUej3Ggsv2szRbuyU6+HV6b09hDaEk", - "last_login": "2025-01-03T05:55:45.996Z", - "is_superuser": true, - "username": "admin", - "first_name": "", - "last_name": "", - "email": "", - "is_staff": true, - "is_active": true, - "date_joined": "2021-07-02T00:21:09.430Z", - "groups": [], - "user_permissions": [] - } -}, -{ - "model": "auth.user", - "pk": 2, - "fields": { - "password": "pbkdf2_sha256$36000$XjtRvaEUL7kO$0fHWkPd13aIi6JYD1fadj1Vt1D8zDJCbbSzHFSXDBOw=", - "last_login": "2021-11-05T07:22:26.370Z", - "is_superuser": false, - "username": "product_manager", - "first_name": "", - "last_name": "", - "email": "", - "is_staff": false, - "is_active": true, - "date_joined": "2021-07-01T07:59:51Z", - "groups": [], - "user_permissions": [] - } -}, -{ - "model": 
"auth.user", - "pk": 3, - "fields": { - "password": "pbkdf2_sha256$36000$1qzIv2IwPiUw$//wV1kpCO8jj+Vp46gOf4TDo2ITxex5/FdNPOldHlsQ=", - "last_login": "2021-07-04T23:13:00.869Z", - "is_superuser": false, - "username": "user2", - "first_name": "", - "last_name": "", - "email": "", - "is_staff": false, - "is_active": true, - "date_joined": "2021-07-02T00:22:09.558Z", - "groups": [], - "user_permissions": [] - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 1, - "fields": { - "app_label": "auth", - "model": "permission" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 2, - "fields": { - "app_label": "auth", - "model": "group" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 3, - "fields": { - "app_label": "auth", - "model": "user" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 4, - "fields": { - "app_label": "contenttypes", - "model": "contenttype" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 5, - "fields": { - "app_label": "sessions", - "model": "session" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 6, - "fields": { - "app_label": "sites", - "model": "site" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 7, - "fields": { - "app_label": "admin", - "model": "logentry" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 8, - "fields": { - "app_label": "auditlog", - "model": "logentry" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 9, - "fields": { - "app_label": "dojo", - "model": "regulation" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 10, - "fields": { - "app_label": "dojo", - "model": "dojo_user" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 11, - "fields": { - "app_label": "dojo", - "model": "usercontactinfo" - } -}, -{ - "model": "contenttypes.contenttype", - "pk": 12, - "fields": { - "app_label": "dojo", - "model": "dojo_group" - } + "model": "auth.user", + "fields": { + "password": 
"argon2$argon2id$v=19$m=102400,t=2,p=8$S2NCTzJ5b0F6SUJPdnVZTXpJVnlDRA$eS/SvwIW7KoVnINE5uzkv5GZ7biJz34gA0WmRlHgqWQ", + "last_login": "2025-01-17T17:31:35.946Z", + "is_superuser": true, + "username": "admin", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": true, + "is_active": true, + "date_joined": "2021-07-02T00:21:09.430Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "auth.user", + "fields": { + "password": "pbkdf2_sha256$36000$XjtRvaEUL7kO$0fHWkPd13aIi6JYD1fadj1Vt1D8zDJCbbSzHFSXDBOw=", + "last_login": "2021-11-05T07:22:26.370Z", + "is_superuser": false, + "username": "product_manager", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-01T07:59:51Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "auth.user", + "fields": { + "password": "pbkdf2_sha256$36000$1qzIv2IwPiUw$//wV1kpCO8jj+Vp46gOf4TDo2ITxex5/FdNPOldHlsQ=", + "last_login": "2021-07-04T23:13:00.869Z", + "is_superuser": false, + "username": "user2", + "first_name": "", + "last_name": "", + "email": "", + "is_staff": false, + "is_active": true, + "date_joined": "2021-07-02T00:22:09.558Z", + "groups": [], + "user_permissions": [] + } +}, +{ + "model": "sessions.session", + "pk": "02imfxe3vzf9qqv4nz7zzatmyk7ccwsm", + "fields": { + "session_data": ".eJxVjEFOwzAQRe_idRWS2E6cSgiJBWLDCRCyZjyTxCW1kZ1sqHJ3XFGpsJz_3ryLsLCts90yJ-tJHEUjDn83BPfJ4QroBGGKlYthTR6rq1LdaK7eIvHyfHP_BWbIc_nWgwKtTI3Q907VHaBq-1aRZhpwHCQydugaSYM21DhE08jR9C3UElsNpkQpnqLFxEAubWfM4vh-EatfFy7913jm4mxpKceD2A939OID-TDlOx5_l6cvmNhm_82PUnVi_9h_AEdoWSA:1tYqC0:LSmimZ6BKjaiWqy0GWalABJpfYwXloJl6j0Uyq5H_pM", + "expire_date": "2025-01-31T17:31:36.944Z" + } +}, +{ + "model": "sessions.session", + "pk": "0fy0ogscdoq7gy7k3rsgp39zumcidfu9", + "fields": { + "session_data": 
"NzEyZjZiNDQ0ZTBkNTllYjE2MjY5OTRmYjBhZjRlNTU1NjIyOTcxZDp7Il9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-12-07T06:07:31.598Z" + } +}, +{ + "model": "sessions.session", + "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", + "fields": { + "session_data": "ZmY5ZWRlNzI5OTdlMmMxNjBmNjQwODU2YWQ4ODlmNGUzNDUyOTljOTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9tZXRyaWNzIiwidGl0bGUiOiJQcm9kdWN0IFR5cGUgTWV0cmljcyJ9XSwiX2F1dGhfdXNlcl9oYXNoIjoiODE0OTY0ZTdhNzUyNDQyZjM1MjczNTExMGVkZGZjNzc4YjE0MTU3MiIsIl9hdXRoX3VzZXJfaWQiOiIzIiwiX2F1dGhfdXNlcl9iYWNrZW5kIjoiZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmQifQ==", + "expire_date": "2021-07-18T23:13:01.138Z" + } +}, +{ + "model": "sessions.session", + "pk": "91he362uu4zzlkmhn3g87fstw6gpb8h9", + "fields": { + "session_data": "NTU0NDNiNWE4YzY2Y2I2ZGQ4ZjQ4ZWM1NTZhZmFmZmEzODI0ODJiMDp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T05:11:08.323Z" + } +}, +{ + "model": "sessions.session", + "pk": "9voht5jb42emoela71zpbqz04ror8xcw", + "fields": { + "session_data": "NjZhNGEzMTYxNjE4OWEzOWMwNWU1Njg0ODg5NTQ4Mzk3N2I0OTVkMzp7ImRvam9fYnJlYWRjcnVtYnMiOm51bGwsIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-30T06:31:13.710Z" + } +}, +{ + "model": "sessions.session", + "pk": "c29i459wf0jkdkluez09s3yjmqos689f", + "fields": { + "session_data": 
"MzllYzU2NjM4MDcwY2MxNjRiOTI2YzU5NDE1Y2Y2YWE3Y2Q2N2RmODp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVkMDczODI0ZmUyNmMyZDc4M2NjZmVlMjU2YTI4OWU1NTFiOTVhYTUiLCJfYXV0aF91c2VyX2lkIjoiMSIsIl9hdXRoX3VzZXJfYmFja2VuZCI6ImRqYW5nby5jb250cmliLmF1dGguYmFja2VuZHMuTW9kZWxCYWNrZW5kIn0=", + "expire_date": "2021-12-07T05:18:56.251Z" + } +}, +{ + "model": "sessions.session", + "pk": "eme9gyi7zn436wzeyoto51egukxj8qy7", + "fields": { + "session_data": ".eJxVjEEOwiAQRe_C2hBgKDAu3fcMZIBRqoYmpV0Z765NutDtf-_9l4i0rTVunZc4FXEWWpx-t0T5wW0H5U7tNss8t3WZktwVedAux7nw83K4fweVev3WjorL2Rob0A5ac4JQfFYKgIkheGJkjaiNHxDRXTUoJA5gKRlQ2Yr3B8_sNxs:1mbNDM:BgL5LziNRBqwTSTO0RrBtCMHXn6G7AB2drrlm17fEdc", + "expire_date": "2025-01-17T05:47:46.263Z" + } +}, +{ + "model": "sessions.session", + "pk": "g0fpchyt0my3n4ks1v2jj0lp3hgsdjgg", + "fields": { + "session_data": ".eJxVjLsOwjAMRf8lc1UCLaFmZGJhYEaocmKHFkoj8piq_jtBQjxG33N8JtFiil2bAvu2J7EVS1H8bhrNjccXoCuOF1caN0bf6_KllG8ayoMjHnZv9y_QYejytwS20GgEuamtUqw0NhZhDUAgFXClDUmLTSXNSpFkIrmqaGNr0gTrqs5RclfXas9Ixqe7DmJ7mkTs48C5v3d3zk7yQz4WYi6-6Jg4xN6N4csfn2k-z0_ReVZ2:1mbNL6:bNhQm1g9-3-4R9g0NeLcUGe06pb69i1dvOQXk_fOGcQ", + "expire_date": "2025-01-17T05:55:46.185Z" + } +}, +{ + "model": "sessions.session", + "pk": "gv3v9rnpgxqswy7lin8p55oqahdeatwu", + "fields": { + "session_data": "Mjk5OGE0MDZiZWZkMzRiZjcxZDg4MWE2M2U4NDM1ZTExOWQ3MGM0ZTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii90ZXN0X3R5cGUiLCJ0aXRsZSI6IlRlc3QgVHlwZSBMaXN0In1dLCJfYXV0aF91c2VyX2hhc2giOiJjOGQxY2IxNDU1NmI5YzYyZmRkMjRlMTEwNDljMjMyNjlkYTgzZDU2IiwiX2F1dGhfdXNlcl9pZCI6IjEiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCJ9", + "expire_date": "2021-11-17T06:33:39.074Z" + } +}, +{ + "model": "sessions.session", + "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", + "fields": { + "session_data": 
"YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-19T22:22:52.744Z" + } +}, +{ + "model": "sessions.session", + "pk": "jd1dvmzg2kdst1dvjvd82xto3two999q", + "fields": { + "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T07:37:14.206Z" + } +}, +{ + "model": "sessions.session", + "pk": "nrksf0iuveua4cjxcy9m5i5nvvnswks0", + "fields": { + "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T12:12:49.262Z" + } +}, +{ + "model": "sessions.session", + "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", + "fields": { + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-16T00:21:49.329Z" + } +}, +{ + "model": "sites.site", + "fields": { + "domain": "example.com", + "name": "example.com" + } +}, +{ + "model": "admin.logentry", + "pk": 1, + "fields": { + "action_time": 
"2021-07-02T00:22:01.258Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "user1", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 2, + "fields": { + "action_time": "2021-07-02T00:22:09.722Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "3", + "object_repr": "user2", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 3, + "fields": { + "action_time": "2021-11-04T08:57:11.661Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 4, + "fields": { + "action_time": "2021-11-04T08:57:21.204Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 5, + "fields": { + "action_time": "2021-11-04T08:57:32.008Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 6, + "fields": { + "action_time": "2021-11-04T08:58:15.735Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 7, + "fields": { + "action_time": "2021-11-04T08:58:43.433Z", + "user": [ + "admin" + ], + 
"content_type": [ + "dojo", + "test_import" + ], + "object_id": "5", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 8, + "fields": { + "action_time": "2021-11-04T08:58:43.474Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "7", + "object_repr": "DUMMY FINDING", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 9, + "fields": { + "action_time": "2021-11-04T08:58:43.495Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 10, + "fields": { + "action_time": "2021-11-04T08:58:43.501Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 11, + "fields": { + "action_time": "2021-11-04T08:58:43.507Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 12, + "fields": { + "action_time": "2021-11-04T08:58:43.512Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" + } +}, +{ + "model": "admin.logentry", + "pk": 13, + "fields": { + "action_time": "2021-11-04T09:00:09.825Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "1", + "object_repr": "Java", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 14, + "fields": { + 
"action_time": "2021-11-04T09:13:05.793Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "4", + "object_repr": "XML", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 15, + "fields": { + "action_time": "2021-11-04T09:14:00.425Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "3", + "object_repr": "JavaScript", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 16, + "fields": { + "action_time": "2021-11-04T09:20:33.497Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "notification_webhooks" + ], + "object_id": "1", + "object_repr": "Tomcat | Bodgeit", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 17, + "fields": { + "action_time": "2021-11-04T13:06:05.480Z", + "user": [ + "admin" + ], + "content_type": [ + "dojo", + "jira_issue" + ], + "object_id": "2", + "object_repr": "Python", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 18, + "fields": { + "action_time": "2021-11-05T07:13:16.077Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "1", + "object_repr": "admin", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 19, + "fields": { + "action_time": "2021-11-05T07:13:53.435Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" + } +}, +{ + "model": "admin.logentry", + "pk": 20, + "fields": { + "action_time": 
"2021-11-05T07:21:45.543Z", + "user": [ + "admin" + ], + "content_type": [ + "auth", + "user" + ], + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"is_staff\"]}}]" + } +}, +{ + "model": "auditlog.logentry", + "pk": 1, + "fields": { + "content_type": [ + "dojo", + "product_type" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "Research and Development", + "serialized_data": null, + "action": 0, + "changes": "{\"key_product\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"name\": [\"None\", \"Research and Development\"], \"critical_product\": [\"None\", \"False\"], \"prod_type\": [\"None\", \"dojo.Product.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:19.938Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 2, + "fields": { + "content_type": [ + "dojo", + "product_type" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "Commerce", + "serialized_data": null, + "action": 0, + "changes": "{\"updated\": [\"None\", \"2021-11-04 09:27:38.846000\"], \"key_product\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"], \"name\": [\"None\", \"Commerce\"], \"critical_product\": [\"None\", \"True\"], \"prod_type\": [\"None\", \"dojo.Product.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.051Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 3, + "fields": { + "content_type": [ + "dojo", + "product_type" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "Billing", + "serialized_data": null, + "action": 0, + "changes": "{\"updated\": [\"None\", \"2021-11-04 09:27:51.762000\"], \"key_product\": [\"None\", \"True\"], \"id\": [\"None\", \"3\"], \"name\": [\"None\", \"Billing\"], \"critical_product\": [\"None\", \"False\"], \"prod_type\": [\"None\", \"dojo.Product.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-17T17:31:20.063Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 4, + "fields": { + "content_type": [ + "dojo", + "product" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "BodgeIt", + "serialized_data": null, + "action": 0, + "changes": "{\"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"updated\": [\"None\", \"2025-01-17 16:52:28.298000\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"1\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.148Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 5, + "fields": { + "content_type": [ + "dojo", + "product" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "Internal CRM App", + "serialized_data": null, + "action": 0, + "changes": "{\"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"updated\": [\"None\", \"2025-01-17 16:52:28.346000\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"51\"], \"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"2\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", 
\"(product_manager)\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.176Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 6, + "fields": { + "content_type": [ + "dojo", + "product" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "Apple Accounting Software", + "serialized_data": null, + "action": 0, + "changes": "{\"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"3\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. 
Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.195Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 7, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "Engagement 1: 1st Quarter Engagement (Jun 30, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"1st Quarter Engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"id\": [\"None\", \"1\"], \"lead\": [\"None\", \"(product_manager)\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.224Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 8, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "2", + "object_id": 2, + 
"object_repr": "Engagement 2: April Monthly Engagement (Jun 30, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"April Monthly Engagement\"], \"description\": [\"None\", \"Requested by the team for regular manual checkup by the security team.\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"id\": [\"None\", \"2\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:15:49.870000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.247Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 9, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "Engagement 3: weekly engagement (Jun 21, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"weekly engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-21\"], \"target_end\": [\"None\", \"2021-06-22\"], \"id\": [\"None\", \"3\"], \"lead\": [\"None\", \"(product_manager)\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": 
[\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.268Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 10, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "4", + "object_id": 4, + "object_repr": "Engagement 4: Static Scan (Nov 03, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Static Scan\"], \"description\": [\"None\", \"Initial static scan for Bodgeit.\"], \"version\": [\"None\", \"v.1.2.0\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-10\"], \"id\": [\"None\", \"4\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:14:58.726000\"], \"created\": [\"None\", \"2021-11-04 09:01:00.647000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.290Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 
11, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "6", + "object_id": 6, + "object_repr": "Engagement 6: Quarterly PCI Scan (Jan 19, 2022)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Quarterly PCI Scan\"], \"description\": [\"None\", \"Reccuring Quarterly Scan\"], \"target_start\": [\"None\", \"2022-01-19\"], \"target_end\": [\"None\", \"2022-01-26\"], \"id\": [\"None\", \"6\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:26:47.339000\"], \"created\": [\"None\", \"2021-11-04 09:25:29.380000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.311Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 12, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "7", + "object_id": 7, + "object_repr": "Engagement 7: Ad Hoc Engagement (Nov 03, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Ad Hoc Engagement\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-03\"], \"id\": [\"None\", \"7\"], \"product\": [\"None\", \"Internal CRM App\"], \"updated\": [\"None\", \"2021-11-04 
09:36:15.136000\"], \"created\": [\"None\", \"2021-11-04 09:36:15.136000\"], \"active\": [\"None\", \"False\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.337Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 13, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "8", + "object_id": 8, + "object_repr": "Engagement 8: Initial Assessment (Dec 20, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Initial Assessment\"], \"description\": [\"None\", \"This application needs to be assesed to determine the security posture.\"], \"version\": [\"None\", \"10.2.1\"], \"target_start\": [\"None\", \"2021-12-20\"], \"target_end\": [\"None\", \"2021-12-27\"], \"id\": [\"None\", \"8\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"Apple Accounting Software\"], \"updated\": [\"None\", \"2021-11-04 09:44:29.481000\"], \"created\": [\"None\", \"2021-11-04 09:42:51.116000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], 
\"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.358Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 14, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "10", + "object_id": 10, + "object_repr": "Engagement 10: Multiple scanners (Nov 04, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Multiple scanners\"], \"description\": [\"None\", \"Example engagement with multiple scan types.\"], \"version\": [\"None\", \"1.2.1\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"id\": [\"None\", \"10\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 06:49:39.475000\"], \"created\": [\"None\", \"2021-11-05 06:44:35.773000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.380Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 15, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "11", + "object_id": 11, + "object_repr": "Engagement 11: Manual PenTest (Dec 30, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Manual PenTest\"], \"description\": [\"None\", \"Please do a manual pentest before our next release to prod.\"], \"version\": [\"None\", \"1.9.1\"], \"target_start\": [\"None\", \"2021-12-30\"], \"target_end\": [\"None\", \"2022-01-02\"], \"id\": [\"None\", \"11\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 06:55:42.622000\"], \"created\": [\"None\", \"2021-11-05 06:54:11.880000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Blocked\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.405Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 16, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "12", + "object_id": 12, + "object_repr": "Engagement 12: CI/CD Baseline Security Test (Nov 04, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"CI/CD Baseline Security Test\"], \"description\": [\"None\", \"\"], \"version\": [\"None\", \"1.1.2\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-11\"], \"id\": [\"None\", \"12\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 07:07:44.126000\"], \"created\": [\"None\", \"2021-11-05 07:06:26.136000\"], \"active\": [\"None\", \"False\"], \"tracker\": 
[\"None\", \"https://github.com/psiinon/bodgeit\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"CI/CD\"], \"build_id\": [\"None\", \"89\"], \"commit_hash\": [\"None\", \"b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6\"], \"branch_tag\": [\"None\", \"master\"], \"source_code_management_uri\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.426Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 17, + "fields": { + "content_type": [ + "dojo", + "engagement" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "Engagement 13: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"AdHoc Import - Fri, 17 Aug 2018 18:20:55\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"id\": [\"None\", \"13\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 10:43:05.446000\"], \"created\": [\"None\", \"2021-11-05 10:43:05.446000\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": 
[\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.447Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 18, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "http://127.0.0.1//endpoint/420/edit/", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"1\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"80\"], \"path\": [\"None\", \"/endpoint/420/edit/\"], \"product\": [\"None\", \"Internal CRM App\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.470Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 19, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "ftp://localhost//", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"2\"], \"protocol\": [\"None\", \"ftp\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"21\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.478Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 20, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "ssh://127.0.0.1", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"3\"], \"protocol\": [\"None\", \"ssh\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"22\"], \"product\": [\"None\", \"Apple 
Accounting Software\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.485Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 21, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "4", + "object_id": 4, + "object_repr": "http://localhost:8888//bodgeit/login.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"4\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/login.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.492Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 22, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "5", + "object_id": 5, + "object_repr": "127.0.0.1", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"5\"], \"host\": [\"None\", \"127.0.0.1\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.540Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 23, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "6", + "object_id": 6, + "object_repr": "http://localhost:8888//bodgeit/register.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"6\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", 
\"/bodgeit/register.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.548Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 24, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "7", + "object_id": 7, + "object_repr": "http://localhost:8888//bodgeit/password.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"7\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/password.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.554Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 25, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "8", + "object_id": 8, + "object_repr": "http://localhost:8888//bodgeit/", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"8\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.561Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 26, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "9", + "object_id": 9, + "object_repr": "http://localhost:8888//bodgeit/basket.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"id\": [\"None\", \"9\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/basket.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.568Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 27, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "10", + "object_id": 10, + "object_repr": "http://localhost:8888//bodgeit/advanced.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"10\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/advanced.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.575Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 28, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "11", + "object_id": 11, + "object_repr": "http://localhost:8888//bodgeit/admin.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"11\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/admin.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.581Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 29, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "12", + "object_id": 12, 
+ "object_repr": "http://localhost:8888//bodgeit/about.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"12\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/about.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.588Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 30, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "http://localhost:8888//bodgeit/contact.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"13\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/contact.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.595Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 31, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "14", + "object_id": 14, + "object_repr": "http://localhost:8888//bodgeit/home.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"14\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/home.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.601Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 32, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "15", + "object_id": 15, + "object_repr": "http://localhost:8888//bodgeit/product.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"15\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/product.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.608Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 33, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "16", + "object_id": 16, + "object_repr": "http://localhost:8888//bodgeit/score.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"16\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/score.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.614Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 34, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "17", + "object_id": 17, + "object_repr": "http://localhost:8888//bodgeit/search.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"17\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/search.jsp\"], \"product\": 
[\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.621Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 35, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "18", + "object_id": 18, + "object_repr": "http://localhost:8888//", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"18\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.628Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 36, + "fields": { + "content_type": [ + "dojo", + "endpoint" + ], + "object_pk": "19", + "object_id": 19, + "object_repr": "http://localhost:8888//bodgeit/logout.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"19\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/logout.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.635Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 37, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 1: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": 
[\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"00:00:00\"], \"actual_time\": [\"None\", \"00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"3\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.649Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 38, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 2: April Monthly Engagement (Jun 30, 2021)\"], \"lead\": [\"None\", \"(product_manager)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-03-21 01:00:00\"], \"target_end\": [\"None\", \"2021-03-22 01:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"13\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.660Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 39, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "14", + "object_id": 14, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 1: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"02:00:00\"], \"actual_time\": [\"None\", \"00:30:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"14\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": 
null, + "timestamp": "2025-01-17T17:31:20.669Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 40, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "15", + "object_id": 15, + "object_repr": "Checkmarx Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 4: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Checkmarx Scan\"], \"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 09:01:30.563000\"], \"created\": [\"None\", \"2021-11-04 09:01:30.563000\"], \"id\": [\"None\", \"15\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.679Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 41, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "16", + "object_id": 16, + "object_repr": "Checkmarx Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 4: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Checkmarx Scan\"], \"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 09:03:25.139000\"], \"created\": [\"None\", \"2021-11-04 09:03:25.139000\"], \"id\": [\"None\", \"16\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.689Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 42, + "fields": { + "content_type": [ + "dojo", + "test" + ], + 
"object_pk": "18", + "object_id": 18, + "object_repr": "Qualys Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 6: Quarterly PCI Scan (Jan 19, 2022)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Qualys Scan\"], \"target_start\": [\"None\", \"2022-01-19 00:00:00\"], \"target_end\": [\"None\", \"2022-01-24 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:26:34.003000\"], \"created\": [\"None\", \"2021-11-04 09:25:46.327000\"], \"id\": [\"None\", \"18\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.699Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 43, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "19", + "object_id": 19, + "object_repr": "Pen Test", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 7: Ad Hoc Engagement (Nov 03, 2021)\"], \"test_type\": [\"None\", \"Pen Test\"], \"target_start\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"target_end\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"updated\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"created\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"id\": [\"None\", \"19\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.708Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 44, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "20", + "object_id": 20, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": 
[\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:43:09.101000\"], \"created\": [\"None\", \"2021-11-04 09:43:09.101000\"], \"id\": [\"None\", \"20\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.718Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 45, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "21", + "object_id": 21, + "object_repr": "Nmap Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Nmap Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Staging\"], \"updated\": [\"None\", \"2021-11-04 09:43:23.410000\"], \"created\": [\"None\", \"2021-11-04 09:43:23.410000\"], \"id\": [\"None\", \"21\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.728Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 46, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "22", + "object_id": 22, + "object_repr": "Dependency Check Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Dependency Check Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:43:41.711000\"], \"created\": [\"None\", \"2021-11-04 09:43:41.711000\"], \"id\": [\"None\", \"22\"], \"test\": [\"None\", 
\"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.738Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 47, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "23", + "object_id": 23, + "object_repr": "ZAP Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"ZAP Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:44:01.815000\"], \"created\": [\"None\", \"2021-11-04 09:44:01.815000\"], \"id\": [\"None\", \"23\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.747Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 48, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "25", + "object_id": 25, + "object_repr": "Dependency Check Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Dependency Check Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:44:35.814000\"], \"created\": [\"None\", \"2021-11-05 06:44:35.814000\"], \"id\": [\"None\", \"25\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.757Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 49, + "fields": { + 
"content_type": [ + "dojo", + "test" + ], + "object_pk": "26", + "object_id": 26, + "object_repr": "VCG Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"VCG Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:46:06.450000\"], \"created\": [\"None\", \"2021-11-05 06:46:06.450000\"], \"id\": [\"None\", \"26\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.767Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 50, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "28", + "object_id": 28, + "object_repr": "Burp Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Burp Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:47:17.517000\"], \"created\": [\"None\", \"2021-11-05 06:47:17.518000\"], \"id\": [\"None\", \"28\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.777Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 51, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "29", + "object_id": 29, + "object_repr": "Manual Code Review", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", 
\"Engagement 11: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Manual Code Review\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-05 06:54:23.989000\"], \"created\": [\"None\", \"2021-11-05 06:54:23.989000\"], \"id\": [\"None\", \"29\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.787Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 52, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "30", + "object_id": 30, + "object_repr": "Pen Test", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 11: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Pen Test\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Pre-prod\"], \"updated\": [\"None\", \"2021-11-05 06:54:35.499000\"], \"created\": [\"None\", \"2021-11-05 06:54:35.499000\"], \"id\": [\"None\", \"30\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.798Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 53, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "31", + "object_id": 31, + "object_repr": "Gosec Scanner", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 12: CI/CD Baseline Security Test (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Gosec Scanner\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", 
\"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 07:07:18.034000\"], \"created\": [\"None\", \"2021-11-05 07:07:18.034000\"], \"id\": [\"None\", \"31\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.808Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 54, + "fields": { + "content_type": [ + "dojo", + "test" + ], + "object_pk": "32", + "object_id": 32, + "object_repr": "Burp Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"Engagement 13: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Burp Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 10:43:05.485000\"], \"created\": [\"None\", \"2021-11-05 10:43:05.485000\"], \"id\": [\"None\", \"32\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.818Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 55, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "High Impact Test Finding", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62\"], \"id\": [\"None\", \"2\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.707000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.834Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 56, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "High Impact Test Finding", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"3\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": 
[\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.280000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.852Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 57, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "4", + "object_id": 4, + "object_repr": "High Impact Test Finding", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"4\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API 
Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.297000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.867Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 58, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "5", + "object_id": 5, + "object_repr": "High Impact Test Finding", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"5\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:12.850000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.882Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 59, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "6", + "object_id": 6, + "object_repr": "High Impact Test Finding", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"6\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": 
[\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.314000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.897Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 60, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "7", + "object_id": 7, + "object_repr": "Dummy Finding", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0\"], \"id\": [\"None\", \"7\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Dummy Finding\"], \"date\": [\"None\", \"2021-03-20\"], \"sla_expiration_date\": [\"None\", \"2021-04-19\"], \"cwe\": [\"None\", \"1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"http://www.example.com\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"TEST finding\"], \"mitigation\": [\"None\", \"MITIGATION\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 
16:52:13.331000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(product_manager)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(product_manager)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"1\"], \"reporter\": [\"None\", \"(product_manager)\"], \"numerical_severity\": [\"None\", \"S1\"], \"line\": [\"None\", \"100\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.913Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 61, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "8", + "object_id": 8, + "object_repr": "SQL Injection (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.590000\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"id\": [\"None\", \"8\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 
7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.691000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.587000\"], \"last_reviewed_by\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.927Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 62, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "9", + "object_id": 9, + "object_repr": "Download of Code Without Integrity Check (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.769000\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"id\": [\"None\", \"9\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", 
\"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.758000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.763000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.942Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 63, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "10", + "object_id": 10, + "object_repr": "Missing X Frame Options (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.948000\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"id\": [\"None\", \"10\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], 
\"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.904000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.945000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.957Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 64, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "11", + "object_id": 11, + "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.124000\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"id\": [\"None\", \"11\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.527000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.122000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.972Z", + "additional_data": null + } 
+}, +{ + "model": "auditlog.logentry", + "pk": 65, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "12", + "object_id": 12, + "object_repr": "Improper Resource Shutdown or Release (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.268000\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"id\": [\"None\", \"12\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.331000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.265000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:20.986Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 66, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.438000\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"id\": [\"None\", \"13\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.484000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.435000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.032Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 67, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "14", + "object_id": 14, + "object_repr": "HttpOnlyCookies (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.602000\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"id\": [\"None\", \"14\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.422000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.599000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", 
\"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.050Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 68, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "15", + "object_id": 15, + "object_repr": "CGI Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.755000\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"id\": [\"None\", \"15\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 
354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.344000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.751000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.065Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 69, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "16", + "object_id": 16, + "object_repr": "Hardcoded Password in Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.905000\"], \"hash_code\": [\"None\", \"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"id\": [\"None\", \"16\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.192000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.902000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.082Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 70, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "17", + "object_id": 17, + "object_repr": "Client Insecure Randomness (encryption.js)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.060000\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"id\": [\"None\", \"17\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.380000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.056000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.097Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 71, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "18", + "object_id": 18, + "object_repr": "SQL Injection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.209000\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"id\": [\"None\", \"18\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.659000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.206000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.112Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 72, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "19", + "object_id": 19, + "object_repr": "Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.373000\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"id\": [\"None\", 
\"19\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.772000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": 
[\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.370000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.128Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 73, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "20", + "object_id": 20, + "object_repr": "CGI Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.530000\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"id\": [\"None\", \"20\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.486000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.527000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.143Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 74, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "21", + "object_id": 21, + "object_repr": "Not Using a Random IV With CBC Mode (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.702000\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"id\": [\"None\", \"21\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Not Using a Random IV With CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"329\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.933000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.699000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.159Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 75, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "22", + "object_id": 22, + "object_repr": "Collapse of Data Into Unsafe Value (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.865000\"], \"hash_code\": [\"None\", 
\"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"id\": [\"None\", \"22\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Collapse of Data Into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"182\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 
37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.396000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.861000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.174Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 76, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "23", + "object_id": 23, + "object_repr": "Stored Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.040000\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"id\": [\"None\", \"23\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"646\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:18.227000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.037000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.189Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 77, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "24", + "object_id": 24, + "object_repr": "Hardcoded Password in Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.231000\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"id\": [\"None\", \"24\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.053000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.227000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.204Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 78, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "25", + "object_id": 25, + "object_repr": "Blind SQL Injections (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.388000\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"id\": [\"None\", \"25\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line 
Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.286000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.385000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], 
\"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.219Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 79, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "26", + "object_id": 26, + "object_repr": "Heap Inspection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.563000\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"id\": [\"None\", \"26\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.301000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.561000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.234Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 80, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "27", + "object_id": 27, + "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.729000\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"id\": [\"None\", \"27\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.640000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.724000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.248Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 81, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "28", + "object_id": 28, + "object_repr": "Trust Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.904000\"], \"hash_code\": [\"None\", 
\"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"id\": [\"None\", \"28\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"501\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = 
stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.577000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.900000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.263Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 82, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "29", + "object_id": 
29, + "object_repr": "Information Exposure Through an Error Message (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.151000\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"id\": [\"None\", \"29\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.542000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.147000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.278Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 83, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "30", + "object_id": 30, + "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.397000\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"id\": [\"None\", \"30\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where 
basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.041000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.394000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.297Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 84, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "31", + "object_id": 31, + "object_repr": "Empty Password in Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.586000\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"id\": [\"None\", \"31\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.642000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.583000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.320Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 85, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "32", + "object_id": 32, + "object_repr": "Improper Resource Access Authorization (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.781000\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"id\": [\"None\", \"32\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 
24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.977000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.777000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.340Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 86, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "33", + "object_id": 33, + "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.976000\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"id\": [\"None\", \"33\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", 
\"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.583000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.972000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.358Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 87, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "34", + 
"object_id": 34, + "object_repr": "Hardcoded Password in Connection String (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.211000\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"id\": [\"None\", \"34\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.145000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.206000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.375Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 88, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "35", + "object_id": 35, + "object_repr": "HttpOnlyCookies in Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.495000\"], \"hash_code\": [\"None\", 
\"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"id\": [\"None\", \"35\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.499000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.491000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + 
"timestamp": "2025-01-17T17:31:21.393Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 89, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "36", + "object_id": 36, + "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.702000\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"id\": [\"None\", \"36\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? 
this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.138000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.698000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.410Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 90, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "37", + "object_id": 37, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.894000\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"id\": [\"None\", \"37\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new 
Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.165000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.891000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.427Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 91, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "38", + "object_id": 38, + "object_repr": "CGI Reflected XSS All Clients (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.083000\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"id\": [\"None\", \"38\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.328000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.079000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.446Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 92, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "39", + "object_id": 39, + "object_repr": "Suspected XSS (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.281000\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"id\": [\"None\", \"39\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.306000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.277000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.463Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 93, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "40", + "object_id": 40, + "object_repr": "Hardcoded Password in Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.499000\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"id\": [\"None\", \"40\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.989000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:38.495000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.480Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 94, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "41", + "object_id": 41, + "object_repr": "Hardcoded Password in Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.694000\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"id\": [\"None\", \"41\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.038000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.690000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.518Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 95, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "42", + "object_id": 42, + "object_repr": "Empty Password in Connection String (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.895000\"], \"hash_code\": [\"None\", 
\"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"id\": [\"None\", \"42\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.675000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.891000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.535Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 96, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "43", + "object_id": 43, + "object_repr": "Download of Code Without Integrity Check (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.107000\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"id\": [\"None\", \"43\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.727000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.102000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.552Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 97, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "44", + "object_id": 44, + "object_repr": "Information Exposure Through an Error Message (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.298000\"], \"hash_code\": [\"None\", 
\"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"id\": [\"None\", \"44\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 
41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.686000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.295000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.568Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 98, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "45", + "object_id": 45, + "object_repr": "SQL Injection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.448000\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"id\": [\"None\", \"45\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.628000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.444000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.585Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 99, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "46", + "object_id": 46, + "object_repr": "Empty Password in Connection 
String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.616000\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"id\": [\"None\", \"46\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx 
Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.443000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.613000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.601Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 100, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "47", + "object_id": 47, + "object_repr": "CGI Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.814000\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"id\": [\"None\", \"47\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.551000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.809000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.617Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 101, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "48", + "object_id": 48, + "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.005000\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"id\": [\"None\", \"48\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"315\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** 
basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.964000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.001000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.634Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 102, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "49", + "object_id": 49, + "object_repr": "Information Exposure Through an Error Message (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.176000\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"id\": [\"None\", \"49\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.605000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.173000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.652Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 103, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "50", + "object_id": 50, + "object_repr": "Hardcoded Password in Connection String (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.355000\"], \"hash_code\": [\"None\", \"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"id\": [\"None\", \"50\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.958000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.351000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.669Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 104, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "51", + "object_id": 51, + "object_repr": "Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.539000\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"id\": [\"None\", \"51\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.724000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.535000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.685Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 105, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "52", + "object_id": 52, + "object_repr": "Download of Code Without Integrity Check (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.715000\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"id\": [\"None\", \"52\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": 
[\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.598000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.710000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.700Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 106, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "53", + "object_id": 53, + "object_repr": "Empty Password in Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.869000\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"id\": [\"None\", \"53\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.582000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.865000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.715Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 107, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "54", + "object_id": 54, + "object_repr": "Heap Inspection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.022000\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"id\": [\"None\", \"54\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.271000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.019000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.729Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 108, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "55", + "object_id": 55, + "object_repr": "Download of Code Without Integrity Check (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.178000\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"id\": [\"None\", \"55\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.820000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.175000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.744Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 109, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "56", + "object_id": 56, + "object_repr": "Session Fixation 
(AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.335000\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"id\": [\"None\", \"56\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.516000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.332000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.760Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 110, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "57", + "object_id": 57, + "object_repr": "Stored XSS (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.494000\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"id\": [\"None\", \"57\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 
392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.970000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.491000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.780Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 111, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "58", + "object_id": 58, + "object_repr": "Empty Password in Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.669000\"], \"hash_code\": [\"None\", 
\"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"id\": [\"None\", \"58\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.505000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.667000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.799Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 112, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "59", + "object_id": 59, + "object_repr": "Hardcoded Password in Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.820000\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"id\": [\"None\", \"59\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.084000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.817000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.816Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 113, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "60", + "object_id": 60, + "object_repr": "Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.972000\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"id\": [\"None\", \"60\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** 
comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.499000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 
09:01:41.970000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.835Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 114, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "61", + "object_id": 61, + "object_repr": "HttpOnlyCookies (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.130000\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"id\": [\"None\", \"61\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": 
[\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.376000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.127000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.852Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 115, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "62", + "object_id": 62, + "object_repr": "Download of Code Without Integrity Check (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.302000\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"id\": [\"None\", \"62\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.836000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.298000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.867Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 116, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "63", + "object_id": 63, + "object_repr": "Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-04 09:01:42.457000\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"id\": [\"None\", \"63\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line 
Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.855000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.453000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.883Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 117, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "64", + "object_id": 64, + "object_repr": "Empty Password in Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.620000\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"id\": [\"None\", \"64\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.552000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.617000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.899Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 118, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "65", + "object_id": 65, + "object_repr": "Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.796000\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"id\": [\"None\", \"65\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** 
basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.547000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.793000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.914Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 119, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "66", + "object_id": 66, + "object_repr": "Improper Resource Access Authorization (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.956000\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"id\": [\"None\", \"66\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.025000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.953000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.930Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 120, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "67", + "object_id": 67, + "object_repr": "Download of Code Without Integrity Check (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.115000\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"id\": [\"None\", \"67\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.789000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.112000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.946Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 121, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "68", + "object_id": 68, + "object_repr": "Download of Code Without Integrity Check (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.269000\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"id\": [\"None\", \"68\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.881000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.267000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.962Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 122, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "69", + "object_id": 69, + "object_repr": "Improper Resource Access Authorization (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.431000\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"id\": [\"None\", \"69\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": 
[\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.831000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.428000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.977Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 123, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "70", + "object_id": 70, + "object_repr": "Race Condition Format Flaw (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.595000\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"id\": [\"None\", \"70\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.980000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.592000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:21.992Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 124, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "71", + "object_id": 71, + "object_repr": "Empty Password in Connection String (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.752000\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"id\": [\"None\", 
\"71\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.521000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.749000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", 
\"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.007Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 125, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "72", + "object_id": 72, + "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.931000\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"id\": [\"None\", \"72\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], 
\"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.785000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.927000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.021Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 126, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "73", + "object_id": 73, + "object_repr": "Suspected XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.091000\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"id\": [\"None\", \"73\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.274000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.088000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.036Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 127, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "74", + "object_id": 74, + "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.250000\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"id\": [\"None\", \"74\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.670000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.247000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.051Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 128, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "75", + "object_id": 75, + "object_repr": "CGI Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.408000\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"id\": [\"None\", \"75\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.518000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.405000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.066Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 129, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "76", + "object_id": 76, + "object_repr": "Improper Resource Shutdown or Release (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.599000\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"id\": [\"None\", \"76\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": 
[\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.347000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.595000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", 
\"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.100Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 130, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "77", + "object_id": 77, + "object_repr": "Download of Code Without Integrity Check (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.798000\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"id\": [\"None\", \"77\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.680000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.794000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.122Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 131, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "78", + "object_id": 78, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.961000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"78\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 
352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.266000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.955000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.138Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 132, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "79", + "object_id": 79, + "object_repr": "Blind SQL Injections (login.jsp)", + "serialized_data": 
null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.167000\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"id\": [\"None\", \"79\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 
- Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.239000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.164000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.154Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 133, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "80", + "object_id": 80, + "object_repr": "Client DOM Open Redirect (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.338000\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"id\": [\"None\", \"80\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"601\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 
48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.334000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.335000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.171Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 134, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "81", + "object_id": 81, + "object_repr": "Hardcoded Password in Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.495000\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"id\": [\"None\", \"81\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.208000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.492000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.189Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 135, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "82", + "object_id": 82, + "object_repr": "CGI Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.667000\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"id\": [\"None\", \"82\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + 
product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.407000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.664000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.207Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 136, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "83", + "object_id": 83, + "object_repr": "Use of Insufficiently Random Values (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.809000\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"id\": [\"None\", \"83\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.793000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.806000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.224Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 137, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "84", + "object_id": 84, + "object_repr": "Missing X Frame Options (web.xml)", 
+ "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.947000\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"id\": [\"None\", \"84\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.857000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.944000\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.240Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 138, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "85", + "object_id": 85, + "object_repr": "Reflected XSS All Clients (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.093000\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"id\": [\"None\", \"85\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 
357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.595000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.090000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.257Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 139, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "86", + "object_id": 86, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.242000\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"id\": [\"None\", \"86\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.149000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.239000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.273Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 140, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "87", + "object_id": 87, + "object_repr": "Information Exposure Through an Error Message (score.jsp)", + "serialized_data": null, + "action": 0, 
+ "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.417000\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"id\": [\"None\", \"87\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.810000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.413000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.289Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 141, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "88", + "object_id": 88, + "object_repr": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.582000\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"id\": [\"None\", \"88\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.718000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.579000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.304Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 142, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "89", + "object_id": 89, + "object_repr": "Reliance on Cookies in a Decision (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.729000\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"id\": [\"None\", \"89\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.118000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.727000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.320Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 143, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "90", + "object_id": 90, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.883000\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"id\": [\"None\", \"90\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.823000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.880000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.335Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 144, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "91", + "object_id": 91, + "object_repr": "CGI Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.032000\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"id\": [\"None\", \"91\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.391000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.029000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.352Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 145, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "92", + "object_id": 92, + "object_repr": "Heap Inspection (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.169000\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"id\": [\"None\", \"92\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.331000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.166000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.369Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 146, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + 
"object_pk": "93", + "object_id": 93, + "object_repr": "Improper Resource Shutdown or Release (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.314000\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"id\": [\"None\", \"93\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source 
Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.478000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.311000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.386Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 147, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "94", + "object_id": 94, + "object_repr": "Information Exposure Through an Error Message (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.459000\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"id\": [\"None\", \"94\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error 
Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.765000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.456000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.401Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 148, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "95", + "object_id": 95, + "object_repr": "Improper Resource Access Authorization (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.615000\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"id\": [\"None\", \"95\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.907000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.612000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.417Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 149, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "96", + "object_id": 96, + "object_repr": "CGI Stored XSS (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.776000\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"id\": [\"None\", \"96\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + 
\\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.439000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.772000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.434Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 150, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "97", + "object_id": 97, + "object_repr": "Blind SQL Injections (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.932000\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"id\": [\"None\", \"97\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source 
Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.222000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.928000\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.450Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 151, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "98", + "object_id": 98, + "object_repr": "HttpOnlyCookies in Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.091000\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"id\": [\"None\", \"98\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.452000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.086000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.466Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 152, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "99", + "object_id": 99, + "object_repr": "Use of Hard Coded Cryptographic Key (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.247000\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"id\": [\"None\", \"99\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = 
Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.685000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.245000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.483Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 153, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "100", + "object_id": 100, + "object_repr": "Improper Resource Shutdown or Release (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.418000\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"id\": [\"None\", \"100\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.461000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.415000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.499Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 154, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "101", + "object_id": 101, + "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.575000\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"id\": [\"None\", \"101\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.251000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.572000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.515Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 155, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "102", + "object_id": 102, + "object_repr": "Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.732000\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"id\": [\"None\", \"102\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 
16:52:13.939000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.730000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.532Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 156, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "103", + "object_id": 103, + "object_repr": "Information Exposure Through an Error Message (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.890000\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"id\": [\"None\", \"103\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.589000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.887000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.549Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 157, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "104", + "object_id": 104, + "object_repr": "Improper Resource Access Authorization (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.061000\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"id\": [\"None\", \"104\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:17.107000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.057000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.566Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 158, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "105", + "object_id": 105, + "object_repr": "Improper Resource Access Authorization (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.230000\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"id\": [\"None\", \"105\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.892000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.227000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.582Z", + "additional_data": null + } +}, 
+{ + "model": "auditlog.logentry", + "pk": 159, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "106", + "object_id": 106, + "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.390000\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"id\": [\"None\", \"106\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.168000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.387000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.598Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 160, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "107", + "object_id": 107, + "object_repr": "Information Exposure Through an Error Message (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.553000\"], 
\"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"id\": [\"None\", \"107\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.825000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.551000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.616Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 161, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "108", + "object_id": 108, + "object_repr": "Blind SQL Injections (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.698000\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"id\": [\"None\", \"108\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.318000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.693000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.633Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 162, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "109", + "object_id": 109, + "object_repr": "Reliance on Cookies in a Decision (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.847000\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"id\": [\"None\", \"109\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line 
Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.072000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.844000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.649Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 163, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "110", + "object_id": 110, + "object_repr": "Download of Code Without Integrity Check (search.jsp)", + 
"serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.992000\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"id\": [\"None\", \"110\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.897000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.989000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.666Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 164, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "111", + "object_id": 111, + "object_repr": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.133000\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"id\": [\"None\", \"111\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unsynchronized Access to Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"567\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.338000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.130000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.682Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 165, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "112", + "object_id": 112, + "object_repr": "Empty Password in Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.272000\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"id\": [\"None\", \"112\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 
16:52:16.753000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.269000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.697Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 166, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "113", + "object_id": 113, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.425000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"113\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ 
page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) 
session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.249000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.422000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.713Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 167, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "114", + "object_id": 114, + "object_repr": "Improper Resource Access Authorization (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.583000\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"id\": [\"None\", \"114\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.091000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.580000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.729Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 168, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "115", + "object_id": 115, + "object_repr": "Session Fixation (logout.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.757000\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"id\": [\"None\", \"115\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.561000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.754000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.745Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 169, + "fields": { + "content_type": [ + "dojo", + "finding" + ], 
+ "object_pk": "116", + "object_id": 116, + "object_repr": "Hardcoded Password in Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.920000\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"id\": [\"None\", \"116\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.130000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.913000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.762Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 170, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "117", + "object_id": 117, + "object_repr": "Hardcoded Password in Connection String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.100000\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"id\": [\"None\", \"117\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.926000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.097000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.778Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 171, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "118", + "object_id": 118, + "object_repr": "Improper Resource Access Authorization (login.jsp)", + "serialized_data": null, + "action": 0, + 
"changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.303000\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"id\": [\"None\", \"118\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.958000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.299000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.795Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 172, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "119", + "object_id": 119, + "object_repr": "Improper Resource Access Authorization (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.529000\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"id\": [\"None\", \"119\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.848000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.526000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.815Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 173, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "120", + "object_id": 120, + "object_repr": "Empty Password in Connection String (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.704000\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"id\": [\"None\", \"120\"], 
\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.706000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.700000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.830Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 174, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "121", + "object_id": 121, + "object_repr": "Improper Resource Shutdown or Release (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.884000\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"id\": [\"None\", \"121\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.397000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.881000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.848Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 175, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "122", + "object_id": 122, + "object_repr": "Improper Resource Shutdown or Release (product.jsp)", + "serialized_data": null, + "action": 
0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.056000\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"id\": [\"None\", \"122\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 
'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.414000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.052000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.865Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 176, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "123", + "object_id": 123, + "object_repr": "Empty Password in Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.205000\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"id\": [\"None\", \"123\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (login.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.613000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.202000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.882Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 177, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "124", + 
"object_id": 124, + "object_repr": "Information Exposure Through an Error Message (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.350000\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"id\": [\"None\", \"124\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.718000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.347000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.899Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 178, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "125", + "object_id": 125, + "object_repr": "Use of Insufficiently Random Values (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.512000\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"id\": [\"None\", \"125\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.763000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.508000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.916Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 179, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "126", + "object_id": 126, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.665000\"], 
\"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"id\": [\"None\", \"126\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.806000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.662000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.932Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 180, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "127", + "object_id": 127, + "object_repr": "HttpOnlyCookies (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.806000\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"id\": [\"None\", \"127\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], 
\"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.407000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:52.803000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.949Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 181, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "128", + "object_id": 128, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.969000\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"id\": [\"None\", \"128\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.196000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.966000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.965Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 182, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "129", + "object_id": 129, + "object_repr": "Information Exposure Through an Error Message (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.115000\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"id\": [\"None\", \"129\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper 
error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.638000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.112000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.980Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 183, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "130", + "object_id": 130, + "object_repr": "Race Condition Format Flaw (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.272000\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"id\": [\"None\", \"130\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.011000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.269000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:22.996Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 184, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "131", + "object_id": 131, + "object_repr": "Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.428000\"], \"hash_code\": [\"None\", 
\"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"id\": [\"None\", \"131\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line 
Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.904000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.424000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.012Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 185, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "132", + "object_id": 132, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.606000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"132\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or 
Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * 
FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.218000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.603000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], 
\"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.031Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 186, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "133", + "object_id": 133, + "object_repr": "Heap Inspection (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.772000\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"id\": [\"None\", \"133\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.255000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.769000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.048Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 187, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "134", + "object_id": 134, + "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.918000\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"id\": [\"None\", \"134\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 
37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.281000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.915000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.065Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 188, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "135", + "object_id": 135, + "object_repr": "Empty Password in Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.071000\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"id\": [\"None\", \"135\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], 
\"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.473000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.068000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.081Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 189, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "136", + "object_id": 136, + "object_repr": "Information Exposure Through an Error Message (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.219000\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"id\": [\"None\", \"136\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.733000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.216000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.097Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 190, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "137", + "object_id": 137, + "object_repr": "XSRF (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.406000\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"id\": [\"None\", \"137\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"352\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.841000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:54.403000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.113Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 191, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "138", + "object_id": 138, + "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.584000\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"id\": [\"None\", \"138\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.632000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.581000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.131Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 192, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "139", + "object_id": 139, + "object_repr": "Improper Resource Access Authorization (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.769000\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"id\": [\"None\", \"139\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.056000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.760000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.149Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 193, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "140", + "object_id": 140, + "object_repr": "SQL Injection (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.312000\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"id\": [\"None\", \"140\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.706000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.309000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.166Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 194, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "141", + "object_id": 141, + "object_repr": "Download of Code Without Integrity Check (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.478000\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"id\": [\"None\", \"141\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.743000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.476000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.182Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 195, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "142", + "object_id": 142, + "object_repr": "Missing X Frame Options (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.650000\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"id\": [\"None\", \"142\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": 
[\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.873000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.647000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.199Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 196, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "143", + "object_id": 143, + "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:03:27.832000\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"id\": [\"None\", \"143\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.510000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.829000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.216Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 197, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "144", + "object_id": 144, + "object_repr": "Improper Resource Shutdown or Release (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.993000\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"id\": [\"None\", \"144\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM 
Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.315000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.990000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.232Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 198, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "145", + "object_id": 145, + "object_repr": "Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.179000\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"id\": 
[\"None\", \"145\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.470000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.177000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.248Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 199, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "146", + "object_id": 146, + "object_repr": "HttpOnlyCookies (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.355000\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"id\": [\"None\", \"146\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.437000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.351000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", 
+ "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.263Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 200, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "147", + "object_id": 147, + "object_repr": "CGI Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.525000\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"id\": [\"None\", \"147\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source 
Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.359000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.522000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.281Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 201, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "148", + "object_id": 148, + "object_repr": "Hardcoded Password in Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.692000\"], \"hash_code\": [\"None\", \"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"id\": [\"None\", \"148\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.175000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.689000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.297Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 202, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "149", + "object_id": 149, + "object_repr": "Client Insecure Randomness (encryption.js)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.867000\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"id\": [\"None\", \"149\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.365000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.864000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.312Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 203, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "150", + "object_id": 150, + "object_repr": "SQL Injection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.039000\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"id\": [\"None\", \"150\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** 
Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.675000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.036000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.328Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 204, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "151", + "object_id": 151, + "object_repr": "Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.194000\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"id\": 
[\"None\", \"151\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.756000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.190000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.344Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 205, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "152", + "object_id": 152, + "object_repr": "CGI Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.361000\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"id\": [\"None\", \"152\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 
29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.470000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.358000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.360Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 206, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "153", + "object_id": 153, + "object_repr": "Not Using a 
Random IV With CBC Mode (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.549000\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"id\": [\"None\", \"153\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Not Using a Random IV With CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"329\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.919000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.547000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.377Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 207, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "154", + "object_id": 154, + "object_repr": "Collapse of Data Into Unsafe Value (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.701000\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"id\": [\"None\", \"154\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Collapse of Data Into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"182\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 
352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.411000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.698000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.392Z", + "additional_data": 
null + } +}, +{ + "model": "auditlog.logentry", + "pk": 208, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "155", + "object_id": 155, + "object_repr": "Stored Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.850000\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"id\": [\"None\", \"155\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"646\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + 
rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.244000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.848000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.409Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 209, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "156", + "object_id": 156, + "object_repr": "Hardcoded Password in Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.992000\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"id\": [\"None\", \"156\"], 
\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.069000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.989000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.428Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 210, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "157", + "object_id": 157, + "object_repr": "Blind SQL Injections (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.139000\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"id\": [\"None\", \"157\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.270000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.136000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.447Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 211, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "158", + "object_id": 158, + "object_repr": "Heap Inspection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.281000\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"id\": 
[\"None\", \"158\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.316000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.279000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + 
"remote_addr": null, + "timestamp": "2025-01-17T17:31:23.464Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 212, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "159", + "object_id": 159, + "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.451000\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"id\": [\"None\", \"159\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], 
\"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.624000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.448000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.481Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 213, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "160", + "object_id": 160, + "object_repr": "Trust Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.598000\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"id\": [\"None\", \"160\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"501\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.593000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.594000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.497Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 214, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "161", + "object_id": 161, + "object_repr": "Information Exposure Through an Error Message (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.754000\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"id\": [\"None\", \"161\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.557000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.751000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.513Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 215, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "162", + "object_id": 162, + "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.913000\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"id\": [\"None\", \"162\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where 
basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.056000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.910000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.531Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 216, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "163", + "object_id": 163, + "object_repr": "Empty Password in Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.075000\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"id\": [\"None\", \"163\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.658000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.073000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.549Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 217, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "164", + "object_id": 164, + "object_repr": "Improper Resource Access Authorization (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.228000\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"id\": [\"None\", \"164\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 
24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.993000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.225000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.566Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 218, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "165", + "object_id": 165, + "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.382000\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"id\": [\"None\", \"165\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", 
\"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.567000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.379000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.583Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 219, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "166", + 
"object_id": 166, + "object_repr": "Hardcoded Password in Connection String (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.524000\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"id\": [\"None\", \"166\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.160000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.520000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.598Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 220, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "167", + "object_id": 167, + "object_repr": "HttpOnlyCookies in Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.675000\"], \"hash_code\": [\"None\", 
\"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"id\": [\"None\", \"167\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.484000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.672000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + 
"timestamp": "2025-01-17T17:31:23.614Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 221, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "168", + "object_id": 168, + "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.824000\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"id\": [\"None\", \"168\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? 
this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.153000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.821000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.632Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 222, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "169", + "object_id": 169, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.976000\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"id\": [\"None\", \"169\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** 
response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.181000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.973000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.648Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 223, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "170", + "object_id": 170, + "object_repr": "CGI Reflected XSS All Clients (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.130000\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"id\": [\"None\", \"170\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.313000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.127000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.665Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 224, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "171", + "object_id": 171, + "object_repr": "Suspected XSS (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.275000\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"id\": [\"None\", \"171\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": 
[\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.291000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.272000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.681Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 225, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "172", + "object_id": 172, + "object_repr": "Hardcoded Password in Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.427000\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"id\": [\"None\", \"172\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.006000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": 
[\"None\", \"2021-11-04 09:03:32.424000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.696Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 226, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "173", + "object_id": 173, + "object_repr": "Hardcoded Password in Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.579000\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"id\": [\"None\", \"173\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.022000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.576000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.712Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 227, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "174", + "object_id": 174, + "object_repr": "Empty Password in Connection String (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.750000\"], \"hash_code\": 
[\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"id\": [\"None\", \"174\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.691000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.746000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.727Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 228, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "175", + "object_id": 175, + "object_repr": "Download of Code Without Integrity Check (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.910000\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"id\": [\"None\", \"175\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.711000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.906000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.745Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 229, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "176", + "object_id": 176, + "object_repr": "Information Exposure Through an Error Message (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.073000\"], \"hash_code\": [\"None\", 
\"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"id\": [\"None\", \"176\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** 
e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.670000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.071000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.762Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 230, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "177", + "object_id": 177, + "object_repr": "SQL Injection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.230000\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"id\": [\"None\", \"177\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.644000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.227000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.794Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 231, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "178", + "object_id": 178, + "object_repr": "Empty Password in Connection 
String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.396000\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"id\": [\"None\", \"178\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx 
Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.427000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.392000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.815Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 232, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "179", + "object_id": 179, + "object_repr": "CGI Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.589000\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"id\": [\"None\", \"179\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.535000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.583000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.832Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 233, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "180", + "object_id": 180, + "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.758000\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"id\": [\"None\", \"180\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"315\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** 
basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.948000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.755000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.849Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 234, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "181", + "object_id": 181, + "object_repr": "Information Exposure Through an Error Message (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.921000\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"id\": [\"None\", \"181\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": 
[\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.622000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.917000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.865Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 235, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "182", + "object_id": 182, + "object_repr": "Hardcoded Password in Connection String (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.101000\"], \"hash_code\": [\"None\", \"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"id\": [\"None\", \"182\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.974000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.096000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.883Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 236, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "183", + "object_id": 183, + "object_repr": "Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.261000\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"id\": [\"None\", \"183\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.741000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", 
\"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.258000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.900Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 237, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "184", + "object_id": 184, + "object_repr": "Download of Code Without Integrity Check (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.457000\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"id\": [\"None\", \"184\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.615000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.454000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.917Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 238, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "185", + "object_id": 185, + "object_repr": "Empty Password in Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.632000\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"id\": [\"None\", \"185\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.597000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.627000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.933Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 239, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "186", + "object_id": 186, + "object_repr": "Heap Inspection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.811000\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"id\": [\"None\", \"186\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.286000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.807000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.948Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 240, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "187", + "object_id": 187, + "object_repr": "Download of Code Without Integrity Check (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.992000\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"id\": [\"None\", \"187\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.804000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.989000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.965Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 241, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "188", + "object_id": 188, + "object_repr": "Session Fixation 
(AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.146000\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"id\": [\"None\", \"188\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.531000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.143000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.981Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 242, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "189", + "object_id": 189, + "object_repr": "Stored XSS (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.308000\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"id\": [\"None\", \"189\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 
392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.955000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.305000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:23.998Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 243, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "190", + "object_id": 190, + "object_repr": "Empty Password in Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.488000\"], \"hash_code\": [\"None\", 
\"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"id\": [\"None\", \"190\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.489000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.484000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.014Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 244, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "191", + "object_id": 191, + "object_repr": "Hardcoded Password in Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.655000\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"id\": [\"None\", \"191\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.099000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.652000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.030Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 245, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "192", + "object_id": 192, + "object_repr": "Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.814000\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"id\": [\"None\", \"192\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** 
comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.515000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 
09:03:35.811000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.046Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 246, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "193", + "object_id": 193, + "object_repr": "HttpOnlyCookies (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.984000\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"id\": [\"None\", \"193\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.361000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.980000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.063Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 247, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "194", + "object_id": 194, + "object_repr": "Download of Code Without Integrity Check (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.152000\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"id\": [\"None\", \"194\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.851000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.148000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.079Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 248, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "195", + "object_id": 195, + "object_repr": "Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-04 09:03:36.364000\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"id\": [\"None\", \"195\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line 
Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.870000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.359000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.159Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 249, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "196", + "object_id": 196, + "object_repr": "Empty Password in Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.557000\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"id\": [\"None\", \"196\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.567000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.552000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.175Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 250, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "197", + "object_id": 197, + "object_repr": "Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.760000\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"id\": [\"None\", \"197\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 
51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.563000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.756000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.191Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 251, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "198", + "object_id": 198, + "object_repr": "Improper Resource Access Authorization (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.944000\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"id\": [\"None\", \"198\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.009000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.938000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.207Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 252, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "199", + "object_id": 199, + "object_repr": "Download of Code Without Integrity Check (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.131000\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"id\": [\"None\", \"199\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.773000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.127000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.222Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 253, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "200", + "object_id": 200, + "object_repr": "Download of Code Without Integrity Check (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.335000\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"id\": [\"None\", \"200\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.866000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.333000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.238Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 254, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "201", + "object_id": 201, + "object_repr": "Improper Resource Access Authorization (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.529000\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"id\": [\"None\", \"201\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": 
[\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.815000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.526000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.254Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 255, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "202", + "object_id": 202, + "object_repr": "Race Condition Format Flaw (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.704000\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"id\": [\"None\", \"202\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.995000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.701000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.271Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 256, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "203", + "object_id": 203, + "object_repr": "Empty Password in Connection String (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.904000\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"id\": [\"None\", 
\"203\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.536000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.900000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", 
\"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.287Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 257, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "204", + "object_id": 204, + "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.097000\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"id\": [\"None\", \"204\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.769000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.093000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.303Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 258, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "205", + "object_id": 205, + "object_repr": "Suspected XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.273000\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"id\": [\"None\", \"205\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.260000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.265000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.319Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 259, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "206", + "object_id": 206, + "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.494000\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"id\": [\"None\", \"206\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.655000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.480000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.335Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 260, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "207", + "object_id": 207, + "object_repr": "CGI Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.726000\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"id\": [\"None\", \"207\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.501000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.720000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.351Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 261, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "208", + "object_id": 208, + "object_repr": "Improper Resource Shutdown or Release (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.922000\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"id\": [\"None\", \"208\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": 
[\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.363000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.918000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", 
\"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.368Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 262, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "209", + "object_id": 209, + "object_repr": "Download of Code Without Integrity Check (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.098000\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"id\": [\"None\", \"209\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.695000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.095000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.384Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 263, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "210", + "object_id": 210, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.259000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"210\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 
352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.234000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.256000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.401Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 264, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "211", + "object_id": 211, + "object_repr": "Blind SQL Injections (login.jsp)", + "serialized_data": 
null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.465000\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"id\": [\"None\", \"211\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.255000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.461000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.417Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 265, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "212", + "object_id": 212, + "object_repr": "Client DOM Open Redirect (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.630000\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"id\": [\"None\", \"212\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"601\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** 
location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.350000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.627000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.433Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 266, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "213", + "object_id": 213, + "object_repr": "Hardcoded Password in Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.787000\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"id\": [\"None\", \"213\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.224000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.784000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.448Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 267, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "214", + "object_id": 214, + "object_repr": "CGI Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.936000\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"id\": [\"None\", \"214\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + 
product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.423000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.933000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.463Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 268, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "215", + "object_id": 215, + "object_repr": "Use of Insufficiently Random Values (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.133000\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"id\": [\"None\", \"215\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.809000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.129000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.478Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 269, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "216", + "object_id": 216, + "object_repr": "Missing X Frame Options (web.xml)", 
+ "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.291000\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"id\": [\"None\", \"216\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.889000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.288000\"], \"last_reviewed_by\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.493Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 270, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "217", + "object_id": 217, + "object_repr": "Reflected XSS All Clients (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.455000\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"id\": [\"None\", \"217\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 
357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.578000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.452000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.509Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 271, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "218", + "object_id": 218, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.624000\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"id\": [\"None\", \"218\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.134000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.621000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.524Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 272, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "219", + "object_id": 219, + "object_repr": "Information Exposure Through an Error Message (score.jsp)", + "serialized_data": null, + "action": 0, 
+ "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.780000\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"id\": [\"None\", \"219\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.795000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.777000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.538Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 273, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "220", + "object_id": 220, + "object_repr": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.990000\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"id\": [\"None\", \"220\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.732000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.984000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.553Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 274, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "221", + "object_id": 221, + "object_repr": "Reliance on Cookies in a Decision (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.162000\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"id\": [\"None\", \"221\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.103000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.158000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.568Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 275, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "222", + "object_id": 222, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.406000\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"id\": [\"None\", \"222\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.839000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.402000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.583Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 276, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "223", + "object_id": 223, + "object_repr": "CGI Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.600000\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"id\": [\"None\", \"223\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.375000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.596000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.598Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 277, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "224", + "object_id": 224, + "object_repr": "Heap Inspection (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.772000\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"id\": [\"None\", \"224\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.345000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.769000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.613Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 278, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + 
"object_pk": "225", + "object_id": 225, + "object_repr": "Improper Resource Shutdown or Release (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.947000\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"id\": [\"None\", \"225\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source 
Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.493000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.944000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.628Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 279, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "226", + "object_id": 226, + "object_repr": "Information Exposure Through an Error Message (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.129000\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"id\": [\"None\", \"226\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error 
Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.780000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.126000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.643Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 280, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "227", + "object_id": 227, + "object_repr": "Improper Resource Access Authorization (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.301000\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"id\": [\"None\", \"227\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.922000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.296000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.658Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 281, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "228", + "object_id": 228, + "object_repr": "CGI Stored XSS (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.482000\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"id\": [\"None\", \"228\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + 
\\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.455000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.479000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.674Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 282, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "229", + "object_id": 229, + "object_repr": "Blind SQL Injections (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.670000\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"id\": [\"None\", \"229\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source 
Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.204000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.667000\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.689Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 283, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "230", + "object_id": 230, + "object_repr": "HttpOnlyCookies in Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.875000\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"id\": [\"None\", \"230\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.469000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.855000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.705Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 284, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "231", + "object_id": 231, + "object_repr": "Use of Hard Coded Cryptographic Key (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.252000\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"id\": [\"None\", \"231\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = 
Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.702000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:43.249000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.720Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 285, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "232", + "object_id": 232, + "object_repr": "Improper Resource Shutdown or Release (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.521000\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"id\": [\"None\", \"232\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.445000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:43.516000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.735Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 286, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "233", + "object_id": 233, + "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.816000\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"id\": [\"None\", \"233\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.266000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:43.811000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.750Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 287, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "234", + "object_id": 234, + "object_repr": "Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.090000\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"id\": [\"None\", \"234\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.922000\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.082000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.765Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 288, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "235", + "object_id": 235, + "object_repr": "Information Exposure Through an Error Message (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.309000\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"id\": [\"None\", \"235\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.573000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.305000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.780Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 289, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "236", + "object_id": 236, + "object_repr": "Improper Resource Access Authorization (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.506000\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"id\": [\"None\", \"236\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:17.123000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.500000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.795Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 290, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "237", + "object_id": 237, + "object_repr": "Improper Resource Access Authorization (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.703000\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"id\": [\"None\", \"237\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.876000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.700000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.810Z", + "additional_data": null + } +}, +{ 
+ "model": "auditlog.logentry", + "pk": 291, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "238", + "object_id": 238, + "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.936000\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"id\": [\"None\", \"238\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.185000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.930000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.826Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 292, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "239", + "object_id": 239, + "object_repr": "Information Exposure Through an Error Message (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.150000\"], 
\"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"id\": [\"None\", \"239\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.841000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.147000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.841Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 293, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "240", + "object_id": 240, + "object_repr": "Blind SQL Injections (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.387000\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"id\": [\"None\", \"240\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.302000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.382000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.856Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 294, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "241", + "object_id": 241, + "object_repr": "Reliance on Cookies in a Decision (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.588000\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"id\": [\"None\", \"241\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line 
Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.087000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.583000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.871Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 295, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "242", + "object_id": 242, + "object_repr": "Download of Code Without Integrity Check (search.jsp)", + "serialized_data": 
null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.816000\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"id\": [\"None\", \"242\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.911000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.806000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.886Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 296, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "243", + "object_id": 243, + "object_repr": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.040000\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"id\": [\"None\", \"243\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unsynchronized Access to Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"567\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.322000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.034000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.901Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 297, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "244", + "object_id": 244, + "object_repr": "Empty Password in Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.325000\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"id\": [\"None\", \"244\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.738000\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.316000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.916Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 298, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "245", + "object_id": 245, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.571000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"245\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) 
session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.201000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.567000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.931Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 299, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "246", + "object_id": 246, + "object_repr": "Improper Resource Access Authorization (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.801000\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"id\": [\"None\", \"246\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.074000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.793000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.947Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 300, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "247", + "object_id": 247, + "object_repr": "Session Fixation (logout.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.007000\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"id\": [\"None\", \"247\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.546000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.002000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.963Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 301, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + 
"object_pk": "248", + "object_id": 248, + "object_repr": "Hardcoded Password in Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.229000\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"id\": [\"None\", \"248\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.115000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.225000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.977Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 302, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "249", + "object_id": 249, + "object_repr": "Hardcoded Password in Connection String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.445000\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"id\": [\"None\", \"249\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.942000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.440000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:24.992Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 303, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "250", + "object_id": 250, + "object_repr": "Improper Resource Access Authorization (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.662000\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"id\": [\"None\", \"250\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.938000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.659000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.007Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 304, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "251", + "object_id": 251, + "object_repr": "Improper Resource Access Authorization (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.867000\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"id\": [\"None\", \"251\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 
14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.862000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.864000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.025Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 305, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "252", + "object_id": 252, + "object_repr": "Empty Password in Connection String (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.018000\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"id\": [\"None\", \"252\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.722000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.015000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.040Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 306, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "253", + "object_id": 253, + "object_repr": "Improper Resource Shutdown or Release (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.175000\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"id\": [\"None\", \"253\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = 
conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.380000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.171000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.055Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 307, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "254", + "object_id": 254, + "object_repr": "Improper Resource Shutdown or Release (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.382000\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"id\": [\"None\", \"254\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.429000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.378000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.071Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 308, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "255", + "object_id": 255, + "object_repr": "Empty Password in Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.563000\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"id\": [\"None\", \"255\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.628000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.560000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.086Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 309, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "256", + "object_id": 256, + "object_repr": "Information Exposure Through an Error Message (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.761000\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"id\": [\"None\", \"256\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information 
Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.702000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.755000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.101Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 310, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "257", + "object_id": 257, + "object_repr": "Use of Insufficiently Random Values (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.957000\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"id\": [\"None\", \"257\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.748000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.954000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.117Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 311, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "258", + "object_id": 258, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.162000\"], \"hash_code\": 
[\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"id\": [\"None\", \"258\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.788000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.157000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.132Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 312, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "259", + "object_id": 259, + "object_repr": "HttpOnlyCookies (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.539000\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"id\": [\"None\", \"259\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], 
\"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.391000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:03:49.535000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.146Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 313, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "260", + "object_id": 260, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.721000\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"id\": [\"None\", \"260\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.211000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.716000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.161Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 314, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "261", + "object_id": 261, + "object_repr": "Information Exposure Through an Error Message (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.927000\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"id\": [\"None\", \"261\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper 
error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.654000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.923000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.176Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 315, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "262", + "object_id": 262, + "object_repr": "Race Condition Format Flaw (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.136000\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"id\": [\"None\", \"262\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.026000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.131000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.190Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 316, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "263", + "object_id": 263, + "object_repr": "Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.351000\"], \"hash_code\": [\"None\", 
\"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"id\": [\"None\", \"263\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line 
Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.887000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.345000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.205Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 317, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "264", + "object_id": 264, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.575000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"264\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or 
Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * 
FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.282000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.571000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], 
\"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.222Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 318, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "265", + "object_id": 265, + "object_repr": "Heap Inspection (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.779000\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"id\": [\"None\", \"265\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.240000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.772000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.237Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 319, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "266", + "object_id": 266, + "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.992000\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"id\": [\"None\", \"266\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 
37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.298000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.988000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.252Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 320, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "267", + "object_id": 267, + "object_repr": "Empty Password in Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.212000\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"id\": [\"None\", \"267\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], 
\"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.458000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.206000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.267Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 321, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "268", + "object_id": 268, + "object_repr": "Information Exposure Through an Error Message (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.383000\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"id\": [\"None\", \"268\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.749000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.380000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.282Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 322, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "269", + "object_id": 269, + "object_repr": "XSRF (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.544000\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"id\": [\"None\", \"269\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"352\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.824000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:03:51.541000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.297Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 323, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "270", + "object_id": 270, + "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.721000\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"id\": [\"None\", \"270\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.648000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.719000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.313Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 324, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "271", + "object_id": 271, + "object_repr": "Improper Resource Access Authorization (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.877000\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"id\": [\"None\", \"271\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.041000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.872000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.328Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 325, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "272", + "object_id": 272, + "object_repr": "Download of Code Without Integrity Check (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.049000\"], \"hash_code\": [\"None\", \"f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e\"], \"id\": [\"None\", \"272\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\\n\\n**Line Number:** 1\\n**Column:** 680\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.664000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.046000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-17T17:31:25.343Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 326, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "273", + "object_id": 273, + "object_repr": "Improper Resource Access Authorization (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.209000\"], \"hash_code\": [\"None\", \"5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099\"], \"id\": [\"None\", \"273\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\\n\\n**Line Number:** 12\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 12\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.800000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.205000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"12\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-17T17:31:25.358Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 327, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "274", + "object_id": 274, + "object_repr": "Use of Cryptographically Weak PRNG (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.388000\"], \"hash_code\": [\"None\", \"39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2\"], \"id\": [\"None\", \"274\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:15.609000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.385000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.373Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 328, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "275", + "object_id": 275, + "object_repr": "Improper Resource Shutdown or Release (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.571000\"], \"hash_code\": [\"None\", \"82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b\"], \"id\": [\"None\", \"275\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\\n\\n**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\\n\\n**Line Number:** 24\\n**Column:** 377\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 398\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 27\\n**Code:** stmt.setString(1, username);\\n-----\\n**Line Number:** 28\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 28\\n**Code:** stmt.setString(2, comments);\\n-----\\n**Line Number:** 29\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 29\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.298000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": 
[\"None\", \"2021-11-04 09:03:52.568000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.388Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 329, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "276", + "object_id": 276, + "object_repr": "Reflected XSS All Clients (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.771000\"], \"hash_code\": [\"None\", \"52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e\"], \"id\": [\"None\", \"276\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 
380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.531000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.766000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.404Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 330, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "277", + "object_id": 277, + "object_repr": "Use of Insufficiently Random Values (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.938000\"], \"hash_code\": [\"None\", \"67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a\"], \"id\": [\"None\", \"277\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.778000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.933000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.419Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 331, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "278", + "object_id": 278, + "object_repr": "SQL Injection (basket.jsp)", + "serialized_data": 
null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:53.124000\"], \"hash_code\": [\"None\", \"a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9\"], \"id\": [\"None\", \"278\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET 
quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.612000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:53.121000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.433Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 332, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "279", + "object_id": 279, + "object_repr": "Test", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:36:25.003000\"], \"hash_code\": [\"None\", 
\"df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5\"], \"id\": [\"None\", \"279\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Test\"], \"date\": [\"None\", \"2021-11-03\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"No url given\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"asdf\"], \"mitigation\": [\"None\", \"adf\"], \"impact\": [\"None\", \"asdf\"], \"steps_to_reproduce\": [\"None\", \"\"], \"severity_justification\": [\"None\", \"\"], \"references\": [\"None\", \"No references given\"], \"test\": [\"None\", \"Pen Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.675000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.448Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 333, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "280", + "object_id": 280, + "object_repr": "Notepad++.exe | CVE-2007-2666", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:44:35.863000\"], \"hash_code\": [\"None\", \"1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a\"], \"id\": [\"None\", \"280\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"title\": [\"None\", \"Notepad++.exe | CVE-2007-2666\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"1035\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\\n\\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"name: 23961\\nsource: BID\\nurl: http://www.securityfocus.com/bid/23961\\n\\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\\n\\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\\n\\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\nsource: CONFIRM\\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\n\\nname: 3912\\nsource: MILW0RM\\nurl: http://www.milw0rm.com/exploits/3912\\n\\nname: ADV-2007-1794\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1794\\n\\nname: ADV-2007-1867\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1867\\n\\nname: notepadplus-rb-bo(34269)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34269\\n\\nname: scintilla-rb-bo(34372)\\nsource: XF\\nurl: 
http://xforce.iss.net/xforce/xfdb/34372\\n\\n\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.440000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:44:35.859000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.462Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 334, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "281", + "object_id": 281, + "object_repr": "Notepad++.exe | CVE-2008-3436", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:44:36.140000\"], \"hash_code\": [\"None\", \"b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb\"], \"id\": [\"None\", \"281\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Notepad++.exe | CVE-2008-3436\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"1035\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-94 Improper Control of Generation of Code ('Code Injection')\\n\\nThe GUP 
generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\\nsource: FULLDISC\\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\\n\\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\nsource: MISC\\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\n\\n\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.456000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:44:36.137000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.477Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 335, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "282", + "object_id": 282, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.484000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"282\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\ViewAccountInfo.aspx.cs\\nLine: 22\\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.352000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.480000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.493Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + 
"pk": 336, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "283", + "object_id": 283, + "object_repr": ".NET Debugging Enabled", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.676000\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"id\": [\"None\", \"283\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Web.config\\nLine: 25\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.001000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.674000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, 
+ "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.508Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 337, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "284", + "object_id": 284, + "object_repr": "URL Request Gets Path From Variable", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.857000\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"id\": [\"None\", \"284\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"URL Request Gets Path From Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 72\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.127000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.854000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.523Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 338, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "285", + "object_id": 285, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.054000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"285\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\StealCookies.aspx.cs\\nLine: 19\\nCodeLine: TODO: Mail the cookie in real time.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.513000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.052000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.537Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 339, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "286", + "object_id": 286, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.234000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"286\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": 
[\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\CustomerRepository.cs\\nLine: 41\\nCodeLine: TODO: Add try/catch logic\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.481000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.231000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.552Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 340, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "287", + "object_id": 287, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.429000\"], \"hash_code\": [\"None\", 
\"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"287\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\ShipperRepository.cs\\nLine: 37\\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.467000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.426000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.567Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 341, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "288", + "object_id": 288, + "object_repr": ".NET Debugging Enabled", + 
"serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.619000\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"id\": [\"None\", \"288\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\Web.config\\nLine: 6\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.986000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.616000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.581Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 342, 
+ "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "289", + "object_id": 289, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.818000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"289\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 58\\nCodeLine: TODO: Put this in try/catch as well\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.452000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.815000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", 
+ "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.595Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 343, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "290", + "object_id": 290, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.024000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"290\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 145\\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.438000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], 
\"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.021000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.610Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 344, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "291", + "object_id": 291, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.214000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"291\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Order.cs\\nLine: 27\\nCodeLine: TODO: Shipments and Payments should be singular. 
Like customer.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.423000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.212000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.626Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 345, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "292", + "object_id": 292, + "object_repr": "URL Request Gets Path From Variable", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.407000\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"id\": [\"None\", \"292\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"URL Request Gets Path From Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a 
variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\Register.aspx.cs\\nLine: 35\\nCodeLine: Response.Redirect(continueUrl);\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.157000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.405000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.642Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 346, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "293", + "object_id": 293, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.576000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"293\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogResponseRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.408000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.574000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.657Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 347, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "294", + "object_id": 294, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.774000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"294\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates 
Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogEntryRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.395000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.770000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.672Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 348, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "295", + "object_id": 295, + "object_repr": "URL Request Gets Path From Variable", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.994000\"], \"hash_code\": [\"None\", 
\"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"id\": [\"None\", \"295\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"URL Request Gets Path From Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 25\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.142000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.991000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.689Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 349, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "296", 
+ "object_id": 296, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.157000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"296\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 16\\nCodeLine: TODO: Refactor this. 
Use LINQ with aggregation to get SUM.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.528000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.155000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.705Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 350, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "297", + "object_id": 297, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.337000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"297\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the 
developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 41\\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.496000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.334000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.720Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 351, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "298", + "object_id": 298, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.514000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"298\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 59\\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.381000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.511000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.736Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 352, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "299", + "object_id": 299, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.700000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"299\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 102\\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.366000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.697000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.752Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 353, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "300", + "object_id": 300, + "object_repr": "Password Field With Autocomplete Enabled", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": 
[\"None\", \"2021-11-05 06:47:17.890000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"300\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Field With Autocomplete Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. 
In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.095000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.769Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 354, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "301", + "object_id": 301, + "object_repr": "Frameable Response (Potential Clickjacking)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.169000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"301\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Frameable Response (Potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\\n\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.606000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.785Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 355, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "302", + "object_id": 302, + "object_repr": "Cross-Site Scripting (Reflected)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.645000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"id\": [\"None\", \"302\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Scripting (Reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", 
\"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.375000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.801Z", + "additional_data": 
null + } +}, +{ + "model": "auditlog.logentry", + "pk": 356, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "303", + "object_id": 303, + "object_repr": "Unencrypted Communications", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.860000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"id\": [\"None\", \"303\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unencrypted Communications\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.173000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.819Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 357, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "304", + "object_id": 304, + "object_repr": "Password Returned in Later Response", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.072000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"id\": [\"None\", \"304\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Returned in Later Response\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. 
Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.078000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.835Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 358, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "305", + "object_id": 305, + "object_repr": "Email Addresses Disclosed", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 
06:47:19.278000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"id\": [\"None\", \"305\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Email Addresses Disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * 
test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.590000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.851Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 359, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "306", + "object_id": 306, + "object_repr": "Cross-Site Request Forgery", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.559000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"id\": [\"None\", \"306\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Request Forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: 
http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. 
If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.543000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.867Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 360, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "307", + "object_id": 307, + "object_repr": "SQL Injection", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.783000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"id\": [\"None\", \"307\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. 
A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \\n\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.422000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.883Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 361, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "308", + "object_id": 308, + "object_repr": "Path-Relative Style Sheet Import", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", 
\"True\"], \"created\": [\"None\", \"2021-11-05 06:47:20.049000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"308\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Path-Relative Style Sheet Import\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. 
When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.639000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.901Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 362, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "309", + "object_id": 309, + "object_repr": "Cleartext Submission of Password", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:20.461000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", 
\"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"309\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cleartext Submission of Password\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. 
If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.346000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.920Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 363, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "310", + "object_id": 310, + "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.067000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"310\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 59\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(notFound)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.187000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.064000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.936Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 364, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "311", + "object_id": 311, + "object_repr": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.320000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"311\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 58\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.219000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.317000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-17T17:31:25.953Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 365, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "312", + "object_id": 312, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.592000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"312\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 165\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.981000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.590000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": 
[\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.972Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 366, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "313", + "object_id": 313, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.815000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"313\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 82\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.951000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.813000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:25.989Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 367, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "314", + "object_id": 314, + "object_repr": "SQL String Formatting-G201", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.003000\"], \"hash_code\": [\"None\", \"929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd\"], \"id\": [\"None\", \"314\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL String Formatting-G201\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\\nLine number: 36-39\\nIssue Confidence: HIGH\\n\\nCode:\\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \\n\\t\\t\\t\\t\\t\\t\\t\\tFROM Profile as p,Users as u \\n\\t\\t\\t\\t\\t\\t\\t\\twhere p.user_id = u.id \\n\\t\\t\\t\\t\\t\\t\\t\\tand u.id=%s`,uid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.094000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/sqli/function.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.005Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 368, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "315", + "object_id": 315, + "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.202000\"], \"hash_code\": [\"None\", \"58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5\"], \"id\": [\"None\", \"315\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": 
[\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.017000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.199000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.022Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 369, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "316", + "object_id": 316, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.412000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"316\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 124\\nIssue 
Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.997000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.409000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.038Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 370, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "317", + "object_id": 317, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.621000\"], \"hash_code\": [\"None\", \"847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af\"], \"id\": [\"None\", \"317\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 63\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.935000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.618000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.053Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 371, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "318", + "object_id": 318, + "object_repr": "Use of Weak Cryptographic Primitive-G401", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.850000\"], \"hash_code\": [\"None\", \"01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f\"], \"id\": [\"None\", \"318\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Weak Cryptographic Primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], 
\"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 164\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.140000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.848000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.070Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 372, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "319", + "object_id": 319, + "object_repr": "Use of Weak Cryptographic Primitive-G401", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.057000\"], \"hash_code\": [\"None\", \"493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4\"], 
\"id\": [\"None\", \"319\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Weak Cryptographic Primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 160\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.124000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.054000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.086Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 373, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "320", + "object_id": 320, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-05 07:07:20.248000\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"id\": [\"None\", \"320\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 35\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write(b)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.966000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.246000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.102Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 374, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "321", + "object_id": 321, + "object_repr": "Errors 
Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.441000\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"id\": [\"None\", \"321\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 70\\nIssue Confidence: HIGH\\n\\nCode:\\nsqlmapDetected, _ := regexp.MatchString(\\\"sqlmap*\\\", userAgent)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.889000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.438000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.119Z", 
+ "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 375, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "322", + "object_id": 322, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.634000\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"id\": [\"None\", \"322\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 73\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write([]byte(\\\"Forbidden\\\"))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.048000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.631000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", 
\"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.135Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 376, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "323", + "object_id": 323, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.811000\"], \"hash_code\": [\"None\", \"2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95\"], \"id\": [\"None\", \"323\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/app.go\\nLine number: 79\\nIssue Confidence: HIGH\\n\\nCode:\\ns.ListenAndServe()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.857000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.808000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/app.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.151Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 377, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "324", + "object_id": 324, + "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.004000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"324\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 62\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.236000\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.002000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.166Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 378, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "325", + "object_id": 325, + "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.191000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"325\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 63\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(vuln)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.203000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.189000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.181Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 379, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "326", + "object_id": 326, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.369000\"], \"hash_code\": [\"None\", 
\"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"id\": [\"None\", \"326\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 66\\nIssue Confidence: HIGH\\n\\nCode:\\n_ = db.QueryRow(sql).Scan(&version)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.904000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.366000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.197Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 380, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "327", + "object_id": 327, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, 
+ "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.561000\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"id\": [\"None\", \"327\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 64\\nIssue Confidence: HIGH\\n\\nCode:\\ndb,_ := database.Connect()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.919000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.559000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.213Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 381, + "fields": { + 
"content_type": [ + "dojo", + "finding" + ], + "object_pk": "328", + "object_id": 328, + "object_repr": "Use of Weak Cryptographic Primitive-G401", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.744000\"], \"hash_code\": [\"None\", \"409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692\"], \"id\": [\"None\", \"328\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Weak Cryptographic Primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 62\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.109000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.741000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"]}", 
+ "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.229Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 382, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "329", + "object_id": 329, + "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.930000\"], \"hash_code\": [\"None\", \"822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1\"], \"id\": [\"None\", \"329\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 7\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.032000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.928000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.245Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 383, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "330", + "object_id": 330, + "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.124000\"], \"hash_code\": [\"None\", \"1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca\"], \"id\": [\"None\", \"330\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.048000\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.121000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.261Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 384, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "331", + "object_id": 331, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.308000\"], \"hash_code\": [\"None\", \"9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a\"], \"id\": [\"None\", \"331\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/cookie.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\ncookie, _ := r.Cookie(name)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.014000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.306000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/cookie.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.278Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 385, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "332", + "object_id": 332, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.551000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"332\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.873000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.548000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.293Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 386, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "333", + "object_id": 333, + "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.773000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"333\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 100\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(inlineJS)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.156000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.771000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.309Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 387, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "334", + "object_id": 334, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.989000\"], \"hash_code\": [\"None\", 
\"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"334\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 61\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.081000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.986000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.325Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 388, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "335", + "object_id": 335, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + 
"action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.204000\"], \"hash_code\": [\"None\", \"27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa\"], \"id\": [\"None\", \"335\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 161\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.065000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:23.200000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.342Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 389, + "fields": { + "content_type": [ + 
"dojo", + "finding" + ], + "object_pk": "336", + "object_id": 336, + "object_repr": "Errors Unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.489000\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"id\": [\"None\", \"336\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 41\\nIssue Confidence: HIGH\\n\\nCode:\\ntemplate.ExecuteTemplate(w, name, data)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.030000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:23.486000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + 
"timestamp": "2025-01-17T17:31:26.358Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 390, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "337", + "object_id": 337, + "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.721000\"], \"hash_code\": [\"None\", \"2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66\"], \"id\": [\"None\", \"337\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 45\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(text)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.172000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-05 07:07:23.717000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.373Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 391, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "338", + "object_id": 338, + "object_repr": "Password Field With Autocomplete Enabled", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:05.946000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"338\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Field With Autocomplete Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * 
http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.111000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:05.943000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.390Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 392, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "339", + "object_id": 339, + "object_repr": "Frameable Response (Potential Clickjacking)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:06.237000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"339\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Frameable Response (Potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: 
http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. 
However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.622000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:06.233000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.407Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 393, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "340", + "object_id": 340, + "object_repr": "Cross-Site Scripting (Reflected)", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:06.742000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"id\": [\"None\", \"340\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Scripting (Reflected)\"], \"date\": [\"None\", 
\"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.391000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:06.738000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.423Z", + "additional_data": 
null + } +}, +{ + "model": "auditlog.logentry", + "pk": 394, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "341", + "object_id": 341, + "object_repr": "Unencrypted Communications", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.038000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"id\": [\"None\", \"341\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unencrypted Communications\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.189000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.036000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.439Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 395, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "342", + "object_id": 342, + "object_repr": "Password Returned in Later Response", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.297000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"id\": [\"None\", \"342\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Returned in Later Response\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. 
Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.063000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.294000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.456Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 396, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "343", + "object_id": 343, + "object_repr": "Email Addresses Disclosed", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 
10:43:07.547000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"id\": [\"None\", \"343\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Email Addresses Disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * 
test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.575000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.545000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.472Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 397, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "344", + "object_id": 344, + "object_repr": "Cross-Site Request Forgery", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.888000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"id\": [\"None\", \"344\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Request Forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: 
http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. 
If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.559000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.885000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.488Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 398, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "345", + "object_id": 345, + "object_repr": "SQL Injection", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.144000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"id\": [\"None\", \"345\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. 
A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \\n\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.406000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.140000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.505Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 399, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "346", + "object_id": 346, + "object_repr": "Path-Relative Style Sheet Import", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", 
\"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.440000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"346\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Path-Relative Style Sheet Import\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. 
When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.658000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.437000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.523Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 400, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "347", + "object_id": 347, + "object_repr": "Cleartext Submission of Password", + "serialized_data": null, + "action": 0, + "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.906000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", 
\"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"347\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cleartext Submission of Password\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. 
If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.360000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.902000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.541Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 401, + "fields": { + "content_type": [ + "dojo", + "finding_template" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "XSS template", + "serialized_data": null, + "action": 0, + "changes": "{\"id\": [\"None\", \"1\"], \"title\": [\"None\", \"XSS template\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"XSS test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.556Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 402, + "fields": { + "content_type": [ + "dojo", + "finding_template" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "SQLi template", + 
"serialized_data": null, + "action": 0, + "changes": "{\"id\": [\"None\", \"2\"], \"title\": [\"None\", \"SQLi template\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"SQLi test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.561Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 403, + "fields": { + "content_type": [ + "dojo", + "finding_template" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "CSRF template", + "serialized_data": null, + "action": 0, + "changes": "{\"id\": [\"None\", \"3\"], \"title\": [\"None\", \"CSRF template\"], \"severity\": [\"None\", \"MEDIUM\"], \"description\": [\"None\", \"CSRF test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.566Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 404, + "fields": { + "content_type": [ + "dojo", + "risk_acceptance" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "Simple Builtin Risk Acceptance", + "serialized_data": null, + "action": 0, + "changes": "{\"name\": [\"None\", \"Simple Builtin Risk Acceptance\"], \"recommendation\": [\"None\", \"F\"], \"decision\": [\"None\", \"A\"], \"decision_details\": [\"None\", \"These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. 
Unaccept and use full risk acceptance if you need to have more control over those fields.\"], \"path\": [\"None\", \"\"], \"owner\": [\"None\", \"(admin)\"], \"reactivate_expired\": [\"None\", \"True\"], \"restart_sla_expired\": [\"None\", \"False\"], \"created\": [\"None\", \"2024-01-29 15:35:18.089000\"], \"updated\": [\"None\", \"2024-01-29 15:35:18.089000\"], \"id\": [\"None\", \"1\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-17T17:31:26.645Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 803, + "fields": { + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "BodgeIt", + "serialized_data": null, + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"1\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.490Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 804, + "fields": { + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "Internal CRM App", + "serialized_data": null, + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", \"(product_manager)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"2\"], \"tid\": [\"None\", \"0\"], 
\"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.613Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 805, + "fields": { + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "Apple Accounting Software", + "serialized_data": null, + "action": 0, + "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. 
Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"id\": [\"None\", \"3\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.640Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 806, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "Engagement: 1st Quarter Engagement (Jun 30, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"1st Quarter Engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"lead\": [\"None\", \"product_manager\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", 
\"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.733Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 807, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "Engagement: April Monthly Engagement (Jun 30, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"April Monthly Engagement\"], \"description\": [\"None\", \"Requested by the team for regular manual checkup by the security team.\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 16:53:40.301000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.791Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 808, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": 
"Engagement: weekly engagement (Jun 21, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"weekly engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-21\"], \"target_end\": [\"None\", \"2021-06-22\"], \"lead\": [\"None\", \"product_manager\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"3\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.848Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 809, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "4", + "object_id": 4, + "object_repr": "Engagement: Static Scan (Nov 03, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Static Scan\"], \"description\": [\"None\", \"Initial static scan for Bodgeit.\"], \"version\": [\"None\", \"v.1.2.0\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-10\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 16:52:49.157000\"], \"created\": [\"None\", \"2021-11-03 16:38:51.078000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], 
\"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"4\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.907Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 810, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "6", + "object_id": 6, + "object_repr": "Engagement: Quarterly PCI Scan (Jan 19, 2022)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Quarterly PCI Scan\"], \"description\": [\"None\", \"Reccuring Quarterly Scan\"], \"target_start\": [\"None\", \"2022-01-19\"], \"target_end\": [\"None\", \"2022-01-26\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 17:04:37.770000\"], \"created\": [\"None\", \"2021-11-03 17:03:19.811000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"6\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:04.966Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 811, + 
"fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "7", + "object_id": 7, + "object_repr": "Engagement: Ad Hoc Engagement (Nov 03, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Ad Hoc Engagement\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-03\"], \"product\": [\"None\", \"Internal CRM App\"], \"updated\": [\"None\", \"2021-11-03 17:14:05.567000\"], \"created\": [\"None\", \"2021-11-03 17:14:05.567000\"], \"active\": [\"None\", \"False\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"7\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.031Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 812, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "8", + "object_id": 8, + "object_repr": "Engagement: Initial Assessment (Dec 20, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Initial Assessment\"], \"description\": [\"None\", \"This application needs to be assesed to determine the security posture.\"], \"version\": [\"None\", \"10.2.1\"], \"target_start\": [\"None\", \"2021-12-20\"], \"target_end\": [\"None\", \"2021-12-27\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"Apple Accounting Software\"], \"updated\": [\"None\", \"2021-11-03 17:22:19.912000\"], 
\"created\": [\"None\", \"2021-11-03 17:20:41.547000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"8\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.084Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 813, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "10", + "object_id": 10, + "object_repr": "Engagement: Multiple scanners (Nov 04, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Multiple scanners\"], \"description\": [\"None\", \"Example engagement with multiple scan types.\"], \"version\": [\"None\", \"1.2.1\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:27:29.906000\"], \"created\": [\"None\", \"2021-11-04 14:22:26.204000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", 
\"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"10\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.144Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 814, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "11", + "object_id": 11, + "object_repr": "Engagement: Manual PenTest (Dec 30, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Manual PenTest\"], \"description\": [\"None\", \"Please do a manual pentest before our next release to prod.\"], \"version\": [\"None\", \"1.9.1\"], \"target_start\": [\"None\", \"2021-12-30\"], \"target_end\": [\"None\", \"2022-01-02\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:33:33.053000\"], \"created\": [\"None\", \"2021-11-04 14:32:02.311000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Blocked\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"11\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.216Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 815, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "12", + "object_id": 12, + "object_repr": "Engagement: CI/CD Baseline Security Test (Nov 04, 2021)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"CI/CD Baseline Security Test\"], \"description\": [\"None\", \"\"], \"version\": [\"None\", \"1.1.2\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-11\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:45:34.557000\"], \"created\": [\"None\", \"2021-11-04 14:44:16.567000\"], \"active\": [\"None\", \"False\"], \"tracker\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"CI/CD\"], \"build_id\": [\"None\", \"89\"], \"commit_hash\": [\"None\", \"b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6\"], \"branch_tag\": [\"None\", \"master\"], \"source_code_management_uri\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"12\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.275Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 816, + "fields": { + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", + "serialized_data": null, + "action": 0, + "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"AdHoc Import - Fri, 17 Aug 2018 18:20:55\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", 
\"2021-11-04 18:20:55.877000\"], \"created\": [\"None\", \"2021-11-04 18:20:55.877000\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"13\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.336Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 817, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "http://127.0.0.1//endpoint/420/edit/", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"80\"], \"path\": [\"None\", \"/endpoint/420/edit/\"], \"product\": [\"None\", \"Internal CRM App\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.366Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 818, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "ftp://localhost//", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"ftp\"], 
\"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"21\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.389Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 819, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "ssh://127.0.0.1", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"3\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"ssh\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"22\"], \"product\": [\"None\", \"Apple Accounting Software\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.409Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 820, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "4", + "object_id": 4, + "object_repr": "http://localhost:8888//bodgeit/login.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"4\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/login.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.429Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 821, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "5", + "object_id": 5, + "object_repr": "127.0.0.1", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", 
\"False\"], \"id\": [\"None\", \"5\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"host\": [\"None\", \"127.0.0.1\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.449Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 822, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "6", + "object_id": 6, + "object_repr": "http://localhost:8888//bodgeit/register.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"6\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/register.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.469Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 823, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "7", + "object_id": 7, + "object_repr": "http://localhost:8888//bodgeit/password.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"7\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/password.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.491Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 824, + "fields": { + "content_type": [ + "dojo", + 
"endpoint_params" + ], + "object_pk": "8", + "object_id": 8, + "object_repr": "http://localhost:8888//bodgeit/", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"8\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.512Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 825, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "9", + "object_id": 9, + "object_repr": "http://localhost:8888//bodgeit/basket.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"9\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/basket.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.533Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 826, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "10", + "object_id": 10, + "object_repr": "http://localhost:8888//bodgeit/advanced.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"10\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": 
[\"None\", \"/bodgeit/advanced.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.556Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 827, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "11", + "object_id": 11, + "object_repr": "http://localhost:8888//bodgeit/admin.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"11\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/admin.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.575Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 828, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "12", + "object_id": 12, + "object_repr": "http://localhost:8888//bodgeit/about.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"12\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/about.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.596Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 829, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "http://localhost:8888//bodgeit/contact.jsp", + "serialized_data": null, + "action": 0, + 
"changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"13\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/contact.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.617Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 830, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "14", + "object_id": 14, + "object_repr": "http://localhost:8888//bodgeit/home.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"14\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/home.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.636Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 831, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "15", + "object_id": 15, + "object_repr": "http://localhost:8888//bodgeit/product.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"15\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/product.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-09T17:47:05.657Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 832, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "16", + "object_id": 16, + "object_repr": "http://localhost:8888//bodgeit/score.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"16\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/score.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.676Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 833, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "17", + "object_id": 17, + "object_repr": "http://localhost:8888//bodgeit/search.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"17\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/search.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.696Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 834, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "18", + "object_id": 18, + "object_repr": "http://localhost:8888//", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"18\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": 
[\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.715Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 835, + "fields": { + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_pk": "19", + "object_id": 19, + "object_repr": "http://localhost:8888//bodgeit/logout.jsp", + "serialized_data": null, + "action": 0, + "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"19\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/logout.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.737Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 836, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"00:00:00\"], \"actual_time\": [\"None\", \"00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"3\"], \"engagement\": [\"None\", \"Engagement: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.775Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 
837, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-03-21 01:00:00\"], \"target_end\": [\"None\", \"2021-03-22 01:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"13\"], \"engagement\": [\"None\", \"Engagement: April Monthly Engagement (Jun 30, 2021)\"], \"lead\": [\"None\", \"product_manager\"], \"test_type\": [\"None\", \"API Test\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.802Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 838, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "14", + "object_id": 14, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"02:00:00\"], \"actual_time\": [\"None\", \"00:30:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"14\"], \"engagement\": [\"None\", \"Engagement: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.826Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 839, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "15", + "object_id": 15, + "object_repr": "Checkmarx Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], 
\"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-03 16:39:20.994000\"], \"created\": [\"None\", \"2021-11-03 16:39:20.994000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"15\"], \"engagement\": [\"None\", \"Engagement: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Checkmarx Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.852Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 840, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "16", + "object_id": 16, + "object_repr": "Checkmarx Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-03 16:41:15.570000\"], \"created\": [\"None\", \"2021-11-03 16:41:15.570000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"16\"], \"engagement\": [\"None\", \"Engagement: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Checkmarx Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.878Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 841, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "18", + "object_id": 18, + "object_repr": "Qualys Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2022-01-19 00:00:00\"], \"target_end\": [\"None\", \"2022-01-24 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:04:24.434000\"], \"created\": [\"None\", \"2021-11-03 17:03:36.758000\"], 
\"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"18\"], \"engagement\": [\"None\", \"Engagement: Quarterly PCI Scan (Jan 19, 2022)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Qualys Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.903Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 842, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "19", + "object_id": 19, + "object_repr": "Pen Test", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"target_end\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"updated\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"created\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"19\"], \"engagement\": [\"None\", \"Engagement: Ad Hoc Engagement (Nov 03, 2021)\"], \"test_type\": [\"None\", \"Pen Test\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.926Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 843, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "20", + "object_id": 20, + "object_repr": "API Test", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:20:59.532000\"], \"created\": [\"None\", \"2021-11-03 17:20:59.532000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"20\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"API Test\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.951Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 844, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "21", + "object_id": 21, + "object_repr": "Nmap Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Staging\"], \"updated\": [\"None\", \"2021-11-03 17:21:13.841000\"], \"created\": [\"None\", \"2021-11-03 17:21:13.841000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"21\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Nmap Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:05.977Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 845, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "22", + "object_id": 22, + "object_repr": "Dependency Check Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:21:32.142000\"], \"created\": [\"None\", \"2021-11-03 17:21:32.142000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"22\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Dependency Check Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.004Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 846, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "23", + "object_id": 23, + "object_repr": "ZAP Scan", + 
"serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:21:52.246000\"], \"created\": [\"None\", \"2021-11-03 17:21:52.246000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"23\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"ZAP Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.031Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 847, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "25", + "object_id": 25, + "object_repr": "Dependency Check Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:22:26.245000\"], \"created\": [\"None\", \"2021-11-04 14:22:26.245000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"25\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Dependency Check Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.052Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 848, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "26", + "object_id": 26, + "object_repr": "VCG Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": 
[\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:23:56.881000\"], \"created\": [\"None\", \"2021-11-04 14:23:56.881000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"26\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"VCG Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.075Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 849, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "28", + "object_id": 28, + "object_repr": "Burp Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:25:07.948000\"], \"created\": [\"None\", \"2021-11-04 14:25:07.949000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"28\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Burp Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.102Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 850, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "29", + "object_id": 29, + "object_repr": "Manual Code Review", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 14:32:14.420000\"], \"created\": [\"None\", \"2021-11-04 14:32:14.420000\"], \"test\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"29\"], \"engagement\": [\"None\", \"Engagement: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Manual Code Review\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.127Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 851, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "30", + "object_id": 30, + "object_repr": "Pen Test", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Pre-prod\"], \"updated\": [\"None\", \"2021-11-04 14:32:25.930000\"], \"created\": [\"None\", \"2021-11-04 14:32:25.930000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"30\"], \"engagement\": [\"None\", \"Engagement: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Pen Test\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.153Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 852, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "31", + "object_id": 31, + "object_repr": "Gosec Scanner", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:45:08.465000\"], \"created\": [\"None\", \"2021-11-04 14:45:08.465000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"31\"], \"engagement\": [\"None\", \"Engagement: CI/CD Baseline Security Test (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", 
\"Gosec Scanner\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.178Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 853, + "fields": { + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_pk": "32", + "object_id": 32, + "object_repr": "Burp Scan", + "serialized_data": null, + "action": 0, + "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 18:20:55.916000\"], \"created\": [\"None\", \"2021-11-04 18:20:55.916000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"32\"], \"engagement\": [\"None\", \"Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Burp Scan\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.204Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 854, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "2", + "object_id": 2, + "object_repr": "High Impact test finding", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"2\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.239Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 855, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "3", + "object_id": 3, + "object_repr": "High Impact test finding", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"3\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], 
\"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.282Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 856, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "4", + "object_id": 4, + "object_repr": "High Impact test finding", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"4\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", 
\"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.325Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 857, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "5", + "object_id": 5, + "object_repr": "High Impact test finding", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"5\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.367Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 858, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "6", + "object_id": 6, + "object_repr": "High Impact test finding", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"6\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.407Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 859, + "fields": { + "content_type": [ + "dojo", + 
"test_import" + ], + "object_pk": "7", + "object_id": 7, + "object_repr": "DUMMY FINDING", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"DUMMY FINDING\"], \"date\": [\"None\", \"2021-03-20\"], \"cwe\": [\"None\", \"1\"], \"url\": [\"None\", \"http://www.example.com\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"TEST finding\"], \"mitigation\": [\"None\", \"MITIGATION\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"7\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(product_manager)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(product_manager)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"1\"], \"reporter\": [\"None\", \"product_manager\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0\"], \"line\": [\"None\", \"100\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.448Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 860, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "8", + "object_id": 8, + "object_repr": "SQL Injection (register.jsp)", + "serialized_data": null, + 
"action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"id\": [\"None\", \"8\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.018000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.021000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.494Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 861, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "9", + "object_id": 9, + "object_repr": "Download of Code Without Integrity Check (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"9\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.194000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.200000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.537Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 862, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "10", + "object_id": 10, + "object_repr": "Missing X Frame Options (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame 
Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"10\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.376000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.379000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.575Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 863, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "11", + "object_id": 11, + "object_repr": "Information Exposure 
Through an Error Message (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"11\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": 
[\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.553000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.617Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 864, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "12", + "object_id": 12, + "object_repr": "Improper Resource Shutdown or Release (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line 
Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"12\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.696000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.699000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.663Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 865, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "13", + "object_id": 13, + "object_repr": "Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"13\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.866000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.869000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.707Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 866, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "14", + "object_id": 14, + "object_repr": "HttpOnlyCookies (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"14\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.030000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-03 16:39:24.033000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.748Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 867, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "15", + "object_id": 15, + "object_repr": "CGI Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** 
out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"15\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.182000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.186000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.789Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 868, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "16", + "object_id": 16, + "object_repr": "Hardcoded password in Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"16\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.333000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.336000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.832Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 869, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "17", + "object_id": 17, + "object_repr": "Client Insecure Randomness (encryption.js)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"17\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.487000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.491000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.874Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 870, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "18", + "object_id": 18, + "object_repr": "SQL Injection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"18\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.640000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.915Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 871, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "19", + "object_id": 19, + "object_repr": "Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + 
"changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 
242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"19\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.801000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.804000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:06.962Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 872, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "20", + "object_id": 20, + "object_repr": "CGI Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = 
rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"20\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.958000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.961000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.005Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 873, + 
"fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "21", + "object_id": 21, + "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"21\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.130000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"line\": [\"None\", \"96\"], 
\"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.133000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.046Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 874, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "22", + "object_id": 22, + "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 
379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"22\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.292000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.296000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.085Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 875, + "fields": { + "content_type": [ + 
"dojo", + "test_import" + ], + "object_pk": "23", + "object_id": 23, + "object_repr": "Stored Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": 
[\"None\", \"23\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.468000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.471000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.129Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 876, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "24", + "object_id": 24, + "object_repr": "Hardcoded password in Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"24\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.662000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.170Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 877, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "25", + "object_id": 25, + "object_repr": "Blind SQL Injections (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 
10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"25\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.816000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"line\": [\"None\", \"24\"], \"file_path\": 
[\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.819000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.212Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 878, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "26", + "object_id": 26, + "object_repr": "Heap Inspection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"26\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.992000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.994000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.256Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 879, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "27", + "object_id": 27, + "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, 
ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"27\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.155000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.160000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.301Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 880, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "28", + "object_id": 28, + "object_repr": "Trust Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"28\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.331000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.335000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.421Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 881, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "29", + "object_id": 29, + "object_repr": "Information Exposure Through an Error Message (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", 
\"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"29\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.578000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.582000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.463Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 882, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "30", + "object_id": 30, + "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 
240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"30\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.825000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.828000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.505Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 883, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "31", + "object_id": 31, + "object_repr": 
"Empty Password In Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"31\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": 
[\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.017000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.552Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 884, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "32", + "object_id": 32, + "object_repr": "Improper Resource Access Authorization (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"32\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.208000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.212000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.594Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 885, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "33", + "object_id": 33, + "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"33\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.403000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.407000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.639Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 886, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "34", + "object_id": 34, + "object_repr": "Hardcoded password in Connection String (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"id\": [\"None\", \"34\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.642000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.684Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 887, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "35", + "object_id": 35, + "object_repr": "HttpOnlyCookies In Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"35\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.922000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.926000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.727Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 888, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "36", + "object_id": 36, + "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"36\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.129000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.133000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.761Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 889, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "37", + "object_id": 37, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"37\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.322000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.325000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.801Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 890, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "38", + "object_id": 38, + "object_repr": "CGI Reflected XSS All Clients (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** 
getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"38\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.510000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.514000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.841Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 891, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "39", + "object_id": 39, + "object_repr": "Suspected XSS (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"39\"], \"references\": [\"None\", 
\"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.708000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.712000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.882Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 892, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "40", + "object_id": 40, + "object_repr": "Hardcoded password in Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"40\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.926000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.930000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.923Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 893, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "41", + "object_id": 41, + "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" 
%>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"41\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.121000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.125000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:07.966Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 894, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "42", + "object_id": 42, + "object_repr": "Empty Password In Connection String (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"42\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.322000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.326000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.010Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 895, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "43", + "object_id": 43, + "object_repr": "Download of Code Without Integrity Check (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"43\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.533000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.538000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.050Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 896, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "44", + "object_id": 44, + "object_repr": "Information Exposure Through an Error Message (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"44\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.726000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.729000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.091Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 897, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "45", + "object_id": 45, + "object_repr": "SQL Injection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 
8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"45\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.875000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.879000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.133Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 898, + "fields": { + "content_type": [ + "dojo", + "test_import" + 
], + "object_pk": "46", + "object_id": 46, + "object_repr": "Empty Password In Connection String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"46\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": 
[\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.044000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.047000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.175Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 899, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "47", + "object_id": 47, + "object_repr": "CGI Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 
14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"47\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.240000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:39:30.245000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.218Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 900, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "48", + "object_id": 48, + "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"48\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], 
\"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.432000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.436000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.262Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 901, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "49", + "object_id": 49, + "object_repr": "Information Exposure Through an Error Message (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"49\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.604000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.607000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.303Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 902, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "50", + "object_id": 50, + "object_repr": "Hardcoded password in Connection String (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"50\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.782000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.786000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.345Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 903, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "51", + "object_id": 51, + "object_repr": "Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = 
stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"51\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.966000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], 
\"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.970000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.392Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 904, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "52", + "object_id": 52, + "object_repr": "Download of Code Without Integrity Check (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"52\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.141000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.146000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.426Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 905, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "53", + "object_id": 53, + "object_repr": "Empty Password In Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken 
authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"53\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.296000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.300000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.468Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 906, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "54", + 
"object_id": 54, + "object_repr": "Heap Inspection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"54\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.450000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", 
\"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.453000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.512Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 907, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "55", + "object_id": 55, + "object_repr": "Download of Code Without Integrity Check (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"55\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.606000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.609000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.552Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 908, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "56", + "object_id": 56, + "object_repr": "Session Fixation (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"56\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-03 16:39:31.763000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.766000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.593Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 909, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "57", + "object_id": 57, + "object_repr": "Stored XSS (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"57\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], 
\"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.922000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.925000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.641Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 910, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "58", + "object_id": 58, + "object_repr": "Empty Password In Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"58\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.098000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.100000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.685Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 911, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "59", + "object_id": 59, + "object_repr": "Hardcoded password in Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"59\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.248000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.251000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.729Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 912, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "60", + "object_id": 60, + "object_repr": "Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = 
(String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"60\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.401000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.403000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.771Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 913, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "61", + "object_id": 61, + "object_repr": "HttpOnlyCookies (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"61\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.561000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.817Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 914, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "62", + "object_id": 62, + "object_repr": "Download of Code Without Integrity Check (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"62\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.729000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.733000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.859Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 915, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "63", + "object_id": 63, + "object_repr": "Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"63\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.884000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.888000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.900Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 916, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "64", + "object_id": 64, + "object_repr": "Empty Password In Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"64\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.048000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.051000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.941Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 917, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "65", + "object_id": 65, + "object_repr": "Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 
57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"65\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.224000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.227000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:08.984Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 918, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "66", + "object_id": 66, + "object_repr": "Improper Resource Access Authorization (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"66\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.384000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.387000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.028Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 919, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "67", + "object_id": 67, + "object_repr": "Download of Code Without Integrity Check (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"67\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.543000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"line\": [\"None\", \"1\"], 
\"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.546000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.067Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 920, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "68", + "object_id": 68, + "object_repr": "Download of Code Without Integrity Check (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"68\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.698000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.700000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.108Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 921, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "69", + "object_id": 69, + "object_repr": "Improper Resource Access Authorization (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"69\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.859000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.862000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.150Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 922, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "70", + "object_id": 70, + "object_repr": "Race Condition Format Flaw (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"70\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.023000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.026000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.196Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 923, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "71", + "object_id": 71, + "object_repr": "Empty Password In Connection String (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"71\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.180000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.183000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.237Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 924, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "72", + "object_id": 72, + "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"72\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.358000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.362000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.277Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 925, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "73", + "object_id": 73, + "object_repr": "Suspected XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"73\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.519000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.522000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.319Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 926, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "74", + "object_id": 74, + "object_repr": "Use of 
Cryptographically Weak PRNG (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"74\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.678000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.681000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.364Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 927, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "75", + "object_id": 75, + "object_repr": "CGI Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"75\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.836000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.839000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.405Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 928, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "76", + "object_id": 76, + "object_repr": "Improper Resource Shutdown or Release (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 
1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"76\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.026000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:39:35.030000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.452Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 929, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "77", + "object_id": 77, + "object_repr": "Download of Code Without Integrity Check (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"77\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.225000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.229000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.501Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 930, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "78", + "object_id": 78, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** 
stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"78\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.386000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.392000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.542Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 931, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "79", + "object_id": 79, + "object_repr": "Blind SQL Injections (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"79\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.595000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.598000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.585Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 932, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "80", + "object_id": 80, + "object_repr": "Client DOM Open Redirect (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"80\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:39:35.766000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.769000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.633Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 933, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "81", + "object_id": 81, + "object_repr": "Hardcoded password in Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"81\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.923000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.926000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.680Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 934, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "82", + "object_id": 82, + "object_repr": "CGI Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source 
Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"82\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.095000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.098000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.721Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 935, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "83", + "object_id": 83, + "object_repr": "Use of Insufficiently Random Values (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"83\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.237000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.240000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.762Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 936, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "84", + "object_id": 84, + "object_repr": "Missing X Frame Options (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"84\"], 
\"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.375000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.378000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.801Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 937, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "85", + "object_id": 85, + "object_repr": "Reflected XSS All Clients (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"85\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.521000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.524000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.839Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 938, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "86", + "object_id": 86, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", 
\"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"86\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.670000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.673000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.878Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 939, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "87", + "object_id": 87, + "object_repr": 
"Information Exposure Through an Error Message (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"87\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.844000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.848000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.917Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 940, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "88", + "object_id": 88, + "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"88\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.010000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.013000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:09.958Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 941, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "89", + "object_id": 89, + "object_repr": "Reliance on Cookies in a Decision (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"89\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], 
\"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.158000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.160000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.003Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 942, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "90", + "object_id": 90, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"90\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.311000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.314000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.044Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 943, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "91", + "object_id": 91, + "object_repr": "CGI Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"91\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.460000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.463000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.082Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 944, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "92", + "object_id": 92, + "object_repr": "Heap Inspection (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"92\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.597000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.600000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.126Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 945, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "93", + "object_id": 93, + "object_repr": "Improper Resource Shutdown or Release (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"93\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], 
\"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.742000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.745000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.168Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 946, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "94", + "object_id": 94, + "object_repr": "Information Exposure Through an Error Message (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"94\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.887000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.890000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.208Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 947, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "95", + "object_id": 95, + "object_repr": "Improper Resource Access Authorization (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"95\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.043000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.046000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.248Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 948, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "96", + "object_id": 96, + "object_repr": "CGI Stored XSS (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + 
rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"96\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.203000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"line\": [\"None\", \"29\"], 
\"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.207000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.289Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 949, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "97", + "object_id": 97, + "object_repr": "Blind SQL Injections (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 
172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"97\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.359000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.363000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, 
+ "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.329Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 950, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "98", + "object_id": 98, + "object_repr": "HttpOnlyCookies In Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"98\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:39:38.517000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.522000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.369Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 951, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "99", + "object_id": 99, + "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"99\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.676000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.678000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.411Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 952, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "100", + "object_id": 100, + "object_repr": "Improper Resource Shutdown or Release (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"100\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.846000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.849000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.452Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 953, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "101", + "object_id": 101, + "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 
43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"101\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.003000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.006000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.494Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 954, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "102", + "object_id": 102, + "object_repr": "Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"102\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], 
\"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.161000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.163000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.538Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 955, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "103", + "object_id": 103, + "object_repr": "Information Exposure Through an Error Message (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"103\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.318000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.321000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.576Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 956, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "104", + "object_id": 104, + "object_repr": "Improper Resource Access Authorization (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"104\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.488000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.492000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.623Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 957, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "105", + "object_id": 105, + "object_repr": "Improper Resource Access Authorization (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"105\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.661000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.668Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 958, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "106", + 
"object_id": 106, + "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** 
stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"106\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.818000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.821000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.711Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 959, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "107", + "object_id": 107, + "object_repr": "Information Exposure Through an Error Message (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message 
(search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"107\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.982000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.984000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.751Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 960, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "108", + "object_id": 108, + "object_repr": "Blind SQL Injections (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection 
flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"108\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.124000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.129000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.791Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 961, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "109", + "object_id": 109, + "object_repr": "Reliance on Cookies in a Decision (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"109\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.275000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.278000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.837Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 962, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "110", + "object_id": 110, + "object_repr": "Download of Code Without Integrity Check (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"110\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.420000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.878Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 963, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "111", + "object_id": 111, + "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"111\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.561000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.564000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.918Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 964, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "112", + "object_id": 112, + "object_repr": "Empty Password In Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"112\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.700000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.703000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.957Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 965, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "113", + "object_id": 113, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND 
password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 
111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"113\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.853000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.856000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": 
null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:10.999Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 966, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "114", + "object_id": 114, + "object_repr": "Improper Resource Access Authorization (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"114\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.011000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.014000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.042Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 967, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "115", + "object_id": 115, + "object_repr": "Session Fixation (logout.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"115\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": 
[\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.185000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.188000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.081Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 968, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "116", + "object_id": 116, + "object_repr": "Hardcoded password in Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"116\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.344000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.351000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.122Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 969, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "117", + "object_id": 117, + "object_repr": "Hardcoded password in Connection String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": 
[\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"117\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.528000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.531000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.162Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 970, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "118", + "object_id": 118, + "object_repr": "Improper Resource Access Authorization (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 
15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"118\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.730000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.734000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.207Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 971, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "119", + "object_id": 119, + "object_repr": "Improper Resource Access Authorization (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"119\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.957000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.960000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.252Z", + "additional_data": null + } +}, +{ 
+ "model": "auditlog.logentry", + "pk": 972, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "120", + "object_id": 120, + "object_repr": "Empty Password In Connection String (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"120\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.131000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.135000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.292Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 973, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "121", + "object_id": 121, + "object_repr": "Improper Resource Shutdown or Release (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"121\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.312000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.315000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.335Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 
974, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "122", + "object_id": 122, + "object_repr": "Improper Resource Shutdown or Release (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** 
conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"122\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.483000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.487000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.373Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 975, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "123", + "object_id": 123, + "object_repr": "Empty Password In Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"123\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.633000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.636000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.413Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 976, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "124", + "object_id": 124, + 
"object_repr": "Information Exposure Through an Error Message (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"124\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.778000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.781000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.452Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 977, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "125", + "object_id": 125, + "object_repr": "Use of Insufficiently Random Values (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"125\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.939000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.943000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.498Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 978, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "126", + "object_id": 126, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"126\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.093000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.096000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.542Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 979, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "127", + "object_id": 127, + "object_repr": "HttpOnlyCookies (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"127\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.234000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.237000\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.581Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 980, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "128", + "object_id": 128, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"128\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.397000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.400000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.624Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 981, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "129", + "object_id": 129, + "object_repr": "Information Exposure Through an Error Message (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + 
\\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"129\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.543000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.546000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.671Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 982, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "130", + "object_id": 130, + "object_repr": "Race Condition Format Flaw (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"130\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.700000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.703000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.711Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 983, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "131", + "object_id": 131, + "object_repr": "Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source 
Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"131\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.855000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.859000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.751Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 984, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "132", + "object_id": 132, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown 
or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** 
rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"132\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.034000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:39:44.037000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.791Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 985, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "133", + "object_id": 133, + "object_repr": "Heap Inspection (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"133\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.200000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.203000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.831Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 986, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "134", + "object_id": 134, + "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line 
Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"134\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.346000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.349000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.872Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 987, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "135", + "object_id": 135, + "object_repr": "Empty Password In Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"135\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.499000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.502000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + 
"actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.912Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 988, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "136", + "object_id": 136, + "object_repr": "Information Exposure Through an Error Message (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"136\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.647000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.650000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.953Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 989, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "137", + "object_id": 137, + "object_repr": "XSRF (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"137\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.834000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.837000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:11.994Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 990, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "138", + "object_id": 138, + "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 
1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"138\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:45.012000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:45.015000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.036Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 991, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "139", + "object_id": 139, + "object_repr": "Improper Resource Access Authorization (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"139\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:45.191000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:45.200000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.075Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 992, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "140", + "object_id": 140, + "object_repr": "SQL Injection (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** 
\\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"140\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:17.740000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:17.743000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.116Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 993, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "141", + "object_id": 141, + "object_repr": "Download of Code Without Integrity Check (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"141\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:17.907000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:17.909000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.158Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 994, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "142", + "object_id": 142, + "object_repr": "Missing X Frame Options (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"142\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.078000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.081000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.198Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 995, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "143", + "object_id": 143, + "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"143\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.260000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.263000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.243Z", + "additional_data": null + } +}, +{ + "model": 
"auditlog.logentry", + "pk": 996, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "144", + "object_id": 144, + "object_repr": "Improper Resource Shutdown or Release (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"144\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.421000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.424000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.282Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 997, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "145", + "object_id": 145, + "object_repr": "Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** 
basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"145\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.608000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.610000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.323Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 998, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "146", + "object_id": 146, + "object_repr": "HttpOnlyCookies (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"146\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.782000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-03 16:41:18.786000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.357Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 999, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "147", + "object_id": 147, + "object_repr": "CGI Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** 
out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"147\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.953000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.956000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.394Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1000, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "148", + "object_id": 148, + "object_repr": "Hardcoded password in Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"148\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.120000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.123000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.434Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1001, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "149", + "object_id": 149, + "object_repr": "Client Insecure Randomness (encryption.js)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"149\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.295000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.298000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.474Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1002, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "150", + "object_id": 150, + "object_repr": "SQL Injection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"150\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.467000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.470000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.516Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1003, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "151", + "object_id": 151, + "object_repr": "Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + 
"changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 
242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"151\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.621000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.625000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.558Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1004, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "152", + "object_id": 152, + "object_repr": "CGI Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = 
rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"152\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.789000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.792000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.599Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1005, + 
"fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "153", + "object_id": 153, + "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"153\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.978000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"line\": [\"None\", \"96\"], 
\"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.980000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.643Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1006, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "154", + "object_id": 154, + "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 
379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"154\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.129000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.132000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.685Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1007, + "fields": { + "content_type": [ + 
"dojo", + "test_import" + ], + "object_pk": "155", + "object_id": 155, + "object_repr": "Stored Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": 
[\"None\", \"155\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.279000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.281000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.726Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1008, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "156", + "object_id": 156, + "object_repr": "Hardcoded password in Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"156\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.420000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.766Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1009, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "157", + "object_id": 157, + "object_repr": "Blind SQL Injections (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 
10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"157\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.567000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"line\": [\"None\", \"24\"], \"file_path\": 
[\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.570000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.805Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1010, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "158", + "object_id": 158, + "object_repr": "Heap Inspection (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"158\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.710000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.712000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.844Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1011, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "159", + "object_id": 159, + "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, 
ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"159\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.879000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.882000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.884Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1012, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "160", + "object_id": 160, + "object_repr": "Trust Boundary Violation (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"160\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.025000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.029000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.924Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1013, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "161", + "object_id": 161, + "object_repr": "Information Exposure Through an Error Message (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", 
\"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"161\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.182000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.185000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.935Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1014, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "162", + "object_id": 162, + "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 
240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"162\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.341000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.344000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:12.977Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1015, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "163", + "object_id": 163, + "object_repr": 
"Empty Password In Connection String (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"163\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", 
\"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.504000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.506000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.016Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1016, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "164", + "object_id": 164, + "object_repr": "Improper Resource Access Authorization (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"164\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.656000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.659000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.055Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1017, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "165", + "object_id": 165, + "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"165\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.810000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.813000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.098Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1018, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "166", + "object_id": 166, + "object_repr": "Hardcoded password in Connection String (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"id\": [\"None\", \"166\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.951000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.955000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.139Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1019, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "167", + "object_id": 167, + "object_repr": "HttpOnlyCookies In Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"167\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.103000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.106000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.180Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1020, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "168", + "object_id": 168, + "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"168\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.252000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.255000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.223Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1021, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "169", + "object_id": 169, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"169\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.404000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.407000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.263Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1022, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "170", + "object_id": 170, + "object_repr": "CGI Reflected XSS All Clients (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** 
getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"170\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.561000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.303Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1023, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "171", + "object_id": 171, + "object_repr": "Suspected XSS (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"171\"], \"references\": [\"None\", 
\"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.703000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.706000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.343Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1024, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "172", + "object_id": 172, + "object_repr": "Hardcoded password in Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"172\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.855000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.858000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.383Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1025, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "173", + "object_id": 173, + "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" 
%>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"173\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.007000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.010000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.424Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1026, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "174", + "object_id": 174, + "object_repr": "Empty Password In Connection String (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], 
\"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"174\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.177000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.181000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.467Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1027, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "175", + "object_id": 175, + "object_repr": "Download of Code Without Integrity Check (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"175\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.337000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.341000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.507Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1028, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "176", + "object_id": 176, + "object_repr": "Information Exposure Through an Error Message (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"176\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.502000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.504000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.546Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1029, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "177", + "object_id": 177, + "object_repr": "SQL Injection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly 
SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 
8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"177\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.661000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.597Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1030, + "fields": { + "content_type": [ + "dojo", + "test_import" + 
], + "object_pk": "178", + "object_id": 178, + "object_repr": "Empty Password In Connection String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"178\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": 
[\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.823000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.827000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.640Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1031, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "179", + "object_id": 179, + "object_repr": "CGI Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 
14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"179\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:41:24.020000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.682Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1032, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "180", + "object_id": 180, + "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"180\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.186000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.189000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.723Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1033, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "181", + "object_id": 181, + "object_repr": "Information Exposure Through an Error Message (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"181\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.348000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.352000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.761Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1034, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "182", + "object_id": 182, + "object_repr": "Hardcoded password in Connection String (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"182\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.527000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.532000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.802Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1035, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "183", + "object_id": 183, + "object_repr": "Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = 
stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"183\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.689000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], 
\"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.692000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.869Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1036, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "184", + "object_id": 184, + "object_repr": "Download of Code Without Integrity Check (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"184\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.885000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.888000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.908Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1037, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "185", + "object_id": 185, + "object_repr": "Empty Password In Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken 
authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"185\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.058000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.063000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.948Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1038, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "186", + 
"object_id": 186, + "object_repr": "Heap Inspection (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"186\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.238000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", 
\"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.242000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:13.990Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1039, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "187", + "object_id": 187, + "object_repr": "Download of Code Without Integrity Check (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"187\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.420000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.030Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1040, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "188", + "object_id": 188, + "object_repr": "Session Fixation (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"188\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:25.574000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.577000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.068Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1041, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "189", + "object_id": 189, + "object_repr": "Stored XSS (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"189\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], 
\"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.736000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.739000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.112Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1042, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "190", + "object_id": 190, + "object_repr": "Empty Password In Connection String (dbconnection.jspf)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"190\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.915000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.919000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.151Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1043, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "191", + "object_id": 191, + "object_repr": "Hardcoded password in Connection String (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"191\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.083000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.086000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.191Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1044, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "192", + "object_id": 192, + "object_repr": "Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String 
comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"192\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.242000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.245000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.231Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1045, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "193", + "object_id": 193, + "object_repr": "HttpOnlyCookies (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"193\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.411000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.415000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.274Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1046, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "194", + "object_id": 194, + "object_repr": "Download of Code Without Integrity Check (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"194\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.579000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.583000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.314Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1047, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "195", + "object_id": 195, + "object_repr": "Stored XSS (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"195\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.790000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.795000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.354Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1048, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "196", + "object_id": 196, + "object_repr": "Empty Password In Connection String (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"196\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.983000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.988000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.393Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1049, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "197", + "object_id": 197, + "object_repr": "Reflected XSS All Clients (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line 
Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"197\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.187000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.191000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.432Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1050, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "198", + "object_id": 198, + "object_repr": "Improper Resource Access Authorization (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"198\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.369000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.375000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.475Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1051, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "199", + "object_id": 199, + "object_repr": "Download of Code Without Integrity Check (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"199\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"line\": [\"None\", \"1\"], 
\"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.562000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.516Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1052, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "200", + "object_id": 200, + "object_repr": "Download of Code Without Integrity Check (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"200\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.764000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.766000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.561Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1053, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "201", + "object_id": 201, + "object_repr": "Improper Resource Access Authorization (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"201\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.957000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.960000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.606Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1054, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "202", + "object_id": 202, + "object_repr": "Race Condition Format Flaw (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"202\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.132000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.135000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.655Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1055, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "203", + "object_id": 203, + "object_repr": "Empty Password In Connection String (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"203\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.331000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.335000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.697Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1056, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "204", + "object_id": 204, + "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", + "serialized_data": null, + 
"action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"204\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.524000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.528000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.738Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1057, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "205", + "object_id": 205, + "object_repr": "Suspected XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"205\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.696000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.704000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.777Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1058, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "206", + "object_id": 206, + "object_repr": "Use of 
Cryptographically Weak PRNG (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"206\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.911000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.925000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.817Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1059, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "207", + "object_id": 207, + "object_repr": "CGI Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"207\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.151000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.157000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.857Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1060, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "208", + "object_id": 208, + "object_repr": "Improper Resource Shutdown or Release (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 
1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"208\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.349000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:41:29.353000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.898Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1061, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "209", + "object_id": 209, + "object_repr": "Download of Code Without Integrity Check (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"209\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.526000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.529000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.939Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1062, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "210", + "object_id": 210, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** 
stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"210\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.687000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.690000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:14.980Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1063, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "211", + "object_id": 211, + "object_repr": "Blind SQL Injections (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": 
[\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"211\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.892000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.896000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.021Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1064, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "212", + "object_id": 212, + "object_repr": "Client DOM Open Redirect (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"212\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:30.058000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.061000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.061Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1065, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "213", + "object_id": 213, + "object_repr": "Hardcoded password in Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"213\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.215000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.218000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.209Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1066, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "214", + "object_id": 214, + "object_repr": "CGI Stored XSS (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source 
Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"214\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.364000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.367000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.253Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1067, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "215", + "object_id": 215, + "object_repr": "Use of Insufficiently Random Values (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"215\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.560000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.564000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.294Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1068, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "216", + "object_id": 216, + "object_repr": "Missing X Frame Options (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"216\"], 
\"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.719000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.722000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.336Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1069, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "217", + "object_id": 217, + "object_repr": "Reflected XSS All Clients (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"217\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.883000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.886000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.380Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1070, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "218", + "object_id": 218, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": 
[\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"218\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.052000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.055000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.420Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1071, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "219", + "object_id": 219, + 
"object_repr": "Information Exposure Through an Error Message (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"219\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.208000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.211000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.469Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1072, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "220", + "object_id": 220, + "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"220\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.415000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.421000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.511Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1073, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "221", + "object_id": 221, + "object_repr": "Reliance on Cookies in a Decision (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"221\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.589000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.593000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.551Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1074, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "222", + "object_id": 222, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"222\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.833000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.837000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.594Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1075, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "223", + "object_id": 223, + "object_repr": "CGI Stored XSS (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"223\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.027000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.031000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.640Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1076, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "224", + "object_id": 224, + "object_repr": "Heap Inspection (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"224\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.200000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.203000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.682Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1077, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "225", + "object_id": 225, + "object_repr": "Improper Resource Shutdown or Release (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"225\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.375000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.378000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.722Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1078, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "226", + "object_id": 226, + "object_repr": "Information Exposure Through an Error Message (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"226\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.557000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.560000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.764Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1079, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "227", + "object_id": 227, + "object_repr": "Improper Resource Access Authorization (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"227\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.727000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.732000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.804Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1080, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "228", + "object_id": 228, + "object_repr": "CGI Stored XSS (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + 
rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"228\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.910000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"line\": [\"None\", \"29\"], \"file_path\": 
[\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.913000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.845Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1081, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "229", + "object_id": 229, + "object_repr": "Blind SQL Injections (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 
172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"229\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.098000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.101000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, 
+ "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.886Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1082, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "230", + "object_id": 230, + "object_repr": "HttpOnlyCookies In Config (web.xml)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"230\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:33.286000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.306000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.926Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1083, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "231", + "object_id": 231, + "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"231\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.680000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.683000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:15.967Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1084, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "232", + "object_id": 232, + "object_repr": "Improper Resource Shutdown or Release (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"232\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.947000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.952000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.008Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1085, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "233", + "object_id": 233, + "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 
43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"233\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.242000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.247000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.050Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1086, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "234", + "object_id": 234, + "object_repr": "Stored XSS (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"234\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], 
\"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.513000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.521000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.091Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1087, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "235", + "object_id": 235, + "object_repr": "Information Exposure Through an Error Message (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"235\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.736000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.740000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.136Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1088, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "236", + "object_id": 236, + "object_repr": "Improper Resource Access Authorization (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"236\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.931000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.937000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.175Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1089, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "237", + "object_id": 237, + "object_repr": "Improper Resource Access Authorization (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"237\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.131000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.134000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.216Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1090, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "238", + 
"object_id": 238, + "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** 
stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"238\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.361000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.367000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.256Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1091, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "239", + "object_id": 239, + "object_repr": "Information Exposure Through an Error Message (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message 
(search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"239\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.578000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.581000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.299Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1092, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "240", + "object_id": 240, + "object_repr": "Blind SQL Injections (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection 
flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"240\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.813000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.818000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.346Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1093, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "241", + "object_id": 241, + "object_repr": "Reliance on Cookies in a Decision (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"241\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.019000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.386Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1094, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "242", + "object_id": 242, + "object_repr": "Download of Code Without Integrity Check (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"242\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.237000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.247000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.428Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1095, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "243", + "object_id": 243, + "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"243\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.465000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.471000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.470Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1096, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "244", + "object_id": 244, + "object_repr": "Empty Password In Connection String (search.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"244\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.747000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.756000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.512Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1097, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "245", + "object_id": 245, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND 
password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 
111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"245\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.998000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.002000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, 
+ "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.552Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1098, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "246", + "object_id": 246, + "object_repr": "Improper Resource Access Authorization (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"246\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.224000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.232000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.597Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1099, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "247", + "object_id": 247, + "object_repr": "Session Fixation (logout.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"247\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": 
[\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.433000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.438000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.643Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1100, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "248", + "object_id": 248, + "object_repr": "Hardcoded password in Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"248\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.656000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.660000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.685Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1101, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "249", + "object_id": 249, + "object_repr": "Hardcoded password in Connection String (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": 
[\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"249\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.871000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.876000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.715Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1102, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "250", + "object_id": 250, + "object_repr": "Improper Resource Access Authorization (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 
15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"250\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.090000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.093000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.751Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1103, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "251", + "object_id": 251, + "object_repr": "Improper Resource Access Authorization (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"251\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.295000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.298000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.786Z", + "additional_data": null + } +}, +{ + 
"model": "auditlog.logentry", + "pk": 1104, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "252", + "object_id": 252, + "object_repr": "Empty Password In Connection String (score.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"252\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.446000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.449000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.826Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1105, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "253", + "object_id": 253, + "object_repr": "Improper Resource Shutdown or Release (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"253\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.602000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.606000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.867Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 
1106, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "254", + "object_id": 254, + "object_repr": "Improper Resource Shutdown or Release (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** 
conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"254\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.809000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.813000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.910Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1107, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "255", + "object_id": 255, + "object_repr": "Empty Password In Connection String (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"255\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.991000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.994000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.949Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1108, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "256", + "object_id": 256, + "object_repr": 
"Information Exposure Through an Error Message (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"256\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.186000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.192000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:16.991Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1109, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "257", + "object_id": 257, + "object_repr": "Use of Insufficiently Random Values (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"257\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.385000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.388000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.032Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1110, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "258", + "object_id": 258, + "object_repr": "Stored XSS (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"258\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.588000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.593000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.070Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1111, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "259", + "object_id": 259, + "object_repr": "HttpOnlyCookies (login.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"259\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.966000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.970000\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.114Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1112, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "260", + "object_id": 260, + "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"260\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.147000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.155Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1113, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "261", + "object_id": 261, + "object_repr": "Information Exposure Through an Error Message (header.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"261\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.354000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.358000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.194Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1114, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "262", + "object_id": 262, + "object_repr": "Race Condition Format Flaw (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"262\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.562000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.567000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.236Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1115, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "263", + "object_id": 263, + "object_repr": "Stored XSS (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source 
Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"263\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.776000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.782000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.275Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1116, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "264", + "object_id": 264, + "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown 
or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** 
rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"264\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.002000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:41:41.006000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.316Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1117, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "265", + "object_id": 265, + "object_repr": "Heap Inspection (init.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"265\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.203000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.210000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.357Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1118, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "266", + "object_id": 266, + "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line 
Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"266\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.419000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.396Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1119, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "267", + "object_id": 267, + "object_repr": "Empty Password In Connection String (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"267\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.643000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + 
"actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.435Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1120, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "268", + "object_id": 268, + "object_repr": "Information Exposure Through an Error Message (product.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"268\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.811000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.814000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.478Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1121, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "269", + "object_id": 269, + "object_repr": "XSRF (password.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"269\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.972000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.975000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.522Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1122, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "270", + "object_id": 270, + "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 
1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"270\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.150000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.562Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1123, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "271", + "object_id": 271, + "object_repr": "Improper Resource Access Authorization (register.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"271\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.303000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.308000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.607Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1124, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "272", + "object_id": 272, + "object_repr": "Download of Code Without Integrity Check (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\\n\\n**Line Number:** 1\\n**Column:** 680\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"272\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.477000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.480000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.650Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1125, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "273", + "object_id": 273, + "object_repr": "Improper Resource Access Authorization (admin.jsp)", + "serialized_data": null, + "action": 0, + 
"changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\\n\\n**Line Number:** 12\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 12\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"273\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.636000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099\"], \"line\": [\"None\", \"12\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.640000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.691Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1126, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "274", + "object_id": 274, + "object_repr": "Use of Cryptographically Weak PRNG (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"274\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.816000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-03 16:41:42.819000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.730Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1127, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "275", + "object_id": 275, + "object_repr": "Improper Resource Shutdown or Release (contact.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\\n\\n**Line Number:** 24\\n**Column:** 377\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 398\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments 
(name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 27\\n**Code:** stmt.setString(1, username);\\n-----\\n**Line Number:** 28\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 28\\n**Code:** stmt.setString(2, comments);\\n-----\\n**Line Number:** 29\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 29\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"275\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.999000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.002000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.770Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1128, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "276", + "object_id": 276, + "object_repr": "Reflected XSS All Clients (login.jsp)", + "serialized_data": null, + 
"action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"276\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.197000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.202000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.812Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1129, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "277", + "object_id": 277, + "object_repr": "Use of Insufficiently Random Values (home.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"277\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.364000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.369000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.852Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1130, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + 
"object_pk": "278", + "object_id": 278, + "object_repr": "SQL Injection (basket.jsp)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + 
Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"278\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.552000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.893Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1131, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "279", + "object_id": 279, + "object_repr": "test", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"test\"], \"date\": 
[\"None\", \"2021-11-03\"], \"url\": [\"None\", \"No url given\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"asdf\"], \"mitigation\": [\"None\", \"adf\"], \"impact\": [\"None\", \"asdf\"], \"steps_to_reproduce\": [\"None\", \"\"], \"severity_justification\": [\"None\", \"\"], \"id\": [\"None\", \"279\"], \"references\": [\"None\", \"No references given\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Pen Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 17:14:15.434000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.933Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1132, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "280", + "object_id": 280, + "object_repr": "notepad++.exe | CVE-2007-2666", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"notepad++.exe | CVE-2007-2666\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-119 Improper Restriction of Operations within the Bounds of a 
Memory Buffer\\n\\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"280\"], \"references\": [\"None\", \"name: 23961\\nsource: BID\\nurl: http://www.securityfocus.com/bid/23961\\n\\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\\n\\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\\n\\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\nsource: CONFIRM\\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\n\\nname: 3912\\nsource: MILW0RM\\nurl: http://www.milw0rm.com/exploits/3912\\n\\nname: ADV-2007-1794\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1794\\n\\nname: ADV-2007-1867\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1867\\n\\nname: notepadplus-rb-bo(34269)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34269\\n\\nname: scintilla-rb-bo(34372)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34372\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:22:26.290000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:22:26.294000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:17.973Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1133, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "281", + "object_id": 281, + "object_repr": "notepad++.exe | CVE-2008-3436", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"notepad++.exe | CVE-2008-3436\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-94 Improper Control of Generation of Code ('Code Injection')\\n\\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"281\"], \"references\": [\"None\", \"name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\\nsource: FULLDISC\\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\\n\\nname: 
http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\nsource: MISC\\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:22:26.568000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:22:26.571000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.014Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1134, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "282", + "object_id": 282, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment 
includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\ViewAccountInfo.aspx.cs\\nLine: 22\\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"282\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:56.911000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:56.915000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.055Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1135, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "283", + "object_id": 283, + "object_repr": ".NET Debugging Enabled", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Web.config\\nLine: 25\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"283\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.105000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.107000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.094Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1136, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "284", + "object_id": 284, + "object_repr": "URL Request Gets Path from Variable", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", 
\"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 72\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"284\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.285000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.288000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.135Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1137, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "285", + "object_id": 285, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\StealCookies.aspx.cs\\nLine: 19\\nCodeLine: TODO: Mail the cookie in real time.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.483000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.485000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.175Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1138, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "286", + "object_id": 286, + "object_repr": "Comment Indicates 
Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\CustomerRepository.cs\\nLine: 41\\nCodeLine: TODO: Add try/catch logic\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"286\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.662000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.665000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.215Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1139, + "fields": { + "content_type": [ + 
"dojo", + "test_import" + ], + "object_pk": "287", + "object_id": 287, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\ShipperRepository.cs\\nLine: 37\\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"287\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.857000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.860000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-09T17:47:18.253Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1140, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "288", + "object_id": 288, + "object_repr": ".NET Debugging Enabled", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\Web.config\\nLine: 6\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"288\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.047000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.050000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + 
"remote_addr": null, + "timestamp": "2025-01-09T17:47:18.291Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1141, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "289", + "object_id": 289, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 58\\nCodeLine: TODO: Put this in try/catch as well\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"289\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.246000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 
14:23:58.249000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.330Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1142, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "290", + "object_id": 290, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 145\\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"290\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.452000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.455000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.375Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1143, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "291", + "object_id": 291, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Order.cs\\nLine: 27\\nCodeLine: TODO: Shipments and Payments should be singular. 
Like customer.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"291\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.643000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.645000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.414Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1144, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "292", + "object_id": 292, + "object_repr": "URL Request Gets Path from Variable", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\Register.aspx.cs\\nLine: 35\\nCodeLine: Response.Redirect(continueUrl);\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"292\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.836000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.838000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.452Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1145, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "293", + "object_id": 293, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], 
\"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogResponseRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"293\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.005000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.007000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.498Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1146, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "294", + "object_id": 294, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially 
Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogEntryRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"294\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.201000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.205000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.538Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1147, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "295", + "object_id": 295, + "object_repr": "URL Request Gets Path from Variable", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 25\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"295\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.422000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.425000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.575Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1148, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "296", + "object_id": 296, + "object_repr": "Comment 
Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 16\\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"296\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.586000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.588000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.620Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1149, + "fields": { + 
"content_type": [ + "dojo", + "test_import" + ], + "object_pk": "297", + "object_id": 297, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 41\\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"297\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.765000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.768000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-09T17:47:18.664Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1150, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "298", + "object_id": 298, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 59\\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"298\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.942000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-04 14:23:59.945000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.704Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1151, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "299", + "object_id": 299, + "object_repr": "Comment Indicates Potentially Unfinished Code", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 102\\nCodeLine: TODO: Throws an error if we don't set the date. 
Try to set it to null or something.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"299\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:24:00.128000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:24:00.131000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.745Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1152, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "300", + "object_id": 300, + "object_repr": "Password field with autocomplete enabled", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password field with autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the 
following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\\n\"], \"id\": [\"None\", \"300\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:08.321000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.784Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1153, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "301", + "object_id": 301, + "object_repr": "Frameable response (potential Clickjacking)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: 
http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. 
However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"id\": [\"None\", \"301\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:08.600000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.831Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1154, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "302", + "object_id": 302, + "object_repr": "Cross-site scripting (reflected)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", 
\"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \\n\"], \"id\": [\"None\", \"302\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], 
\"created\": [\"None\", \"2021-11-04 14:25:09.076000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.871Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1155, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "303", + "object_id": 303, + "object_repr": "Unencrypted communications", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. 
This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"id\": [\"None\", \"303\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"static_finding\": [\"None\", \"False\"], 
\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.291000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.915Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1156, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "304", + "object_id": 304, + "object_repr": "Password returned in later response", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. 
This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"304\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.503000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:18.958Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1157, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "305", + "object_id": 305, + "object_repr": "Email addresses disclosed", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox 
addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"id\": [\"None\", \"305\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.709000\"], \"scanner_confidence\": [\"None\", \"1\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1158, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "306", + "object_id": 306, + "object_repr": "Cross-site request forgery", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. 
However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"id\": [\"None\", \"306\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.990000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.044Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1159, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "307", + "object_id": 307, + "object_repr": "SQL injection", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\\n\"], \"id\": [\"None\", \"307\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.214000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.086Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1160, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "308", + "object_id": 308, + "object_repr": "Path-relative style sheet import", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": 
[\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"id\": [\"None\", \"308\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.480000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.132Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1161, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "309", + "object_id": 309, + "object_repr": "Cleartext submission of password", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, 
which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"309\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.892000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.177Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1162, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "310", + "object_id": 310, + "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 59\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(notFound)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"310\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:08.495000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:08.498000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.221Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1163, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "311", + "object_id": 311, + "object_repr": "this method will not auto-escape HTML. 
Verify data is well formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 58\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"311\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:08.748000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:08.751000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.260Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1164, + "fields": { + 
"content_type": [ + "dojo", + "test_import" + ], + "object_pk": "312", + "object_id": 312, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 165\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"312\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.021000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.023000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.298Z", + "additional_data": null + } +}, +{ + "model": 
"auditlog.logentry", + "pk": 1165, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "313", + "object_id": 313, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 82\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"313\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.244000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.246000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.338Z", + 
"additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1166, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "314", + "object_id": 314, + "object_repr": "SQL string formatting-G201", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL string formatting-G201\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\\nLine number: 36-39\\nIssue Confidence: HIGH\\n\\nCode:\\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \\n\\t\\t\\t\\t\\t\\t\\t\\tFROM Profile as p,Users as u \\n\\t\\t\\t\\t\\t\\t\\t\\twhere p.user_id = u.id \\n\\t\\t\\t\\t\\t\\t\\t\\tand u.id=%s`,uid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"314\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.431000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/sqli/function.go\"], \"static_finding\": [\"None\", 
\"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.434000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.387Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1167, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "315", + "object_id": 315, + "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"315\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.630000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5\"], 
\"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.633000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.433Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1168, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "316", + "object_id": 316, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 124\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"316\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.840000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.843000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.478Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1169, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "317", + "object_id": 317, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 63\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"317\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.049000\"], \"last_reviewed_by\": 
[\"None\", \"admin\"], \"hash_code\": [\"None\", \"847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.052000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.523Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1170, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "318", + "object_id": 318, + "object_repr": "Use of weak cryptographic primitive-G401", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 164\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"318\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": 
[\"None\", \"2021-11-04 14:45:10.279000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.281000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.561Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1171, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "319", + "object_id": 319, + "object_repr": "Use of weak cryptographic primitive-G401", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 160\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"319\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.485000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.488000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.595Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1172, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "320", + "object_id": 320, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 35\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write(b)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"320\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.677000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.679000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.641Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1173, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "321", + "object_id": 321, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 70\\nIssue Confidence: HIGH\\n\\nCode:\\nsqlmapDetected, _ := regexp.MatchString(\\\"sqlmap*\\\", userAgent)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"321\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.869000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.872000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.685Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1174, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "322", + "object_id": 322, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 73\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write([]byte(\\\"Forbidden\\\"))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"322\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.062000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.065000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.729Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1175, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "323", + "object_id": 323, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/app.go\\nLine number: 79\\nIssue Confidence: HIGH\\n\\nCode:\\ns.ListenAndServe()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"323\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": 
[\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.239000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/app.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.242000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.772Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1176, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "324", + "object_id": 324, + "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 62\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"324\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.433000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.435000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.815Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1177, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "325", + "object_id": 325, + "object_repr": "this method will not auto-escape HTML. 
Verify data is well formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 63\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(vuln)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"325\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.620000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.622000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.860Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1178, + "fields": { + "content_type": 
[ + "dojo", + "test_import" + ], + "object_pk": "326", + "object_id": 326, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 66\\nIssue Confidence: HIGH\\n\\nCode:\\n_ = db.QueryRow(sql).Scan(&version)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"326\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.797000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.800000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.903Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 
1179, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "327", + "object_id": 327, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 64\\nIssue Confidence: HIGH\\n\\nCode:\\ndb,_ := database.Connect()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"327\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.990000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.992000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:19.943Z", + "additional_data": null + } +}, +{ + "model": 
"auditlog.logentry", + "pk": 1180, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "328", + "object_id": 328, + "object_repr": "Use of weak cryptographic primitive-G401", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 62\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"328\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.172000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.175000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-09T17:47:19.982Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1181, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "329", + "object_id": 329, + "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 7\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"329\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.359000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.361000\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.022Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1182, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "330", + "object_id": 330, + "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"330\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.552000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.064Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1183, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "331", + "object_id": 331, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/cookie.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\ncookie, _ := r.Cookie(name)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"331\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.737000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/cookie.go\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.739000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.108Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1184, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "332", + "object_id": 332, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"332\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.979000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", 
\"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.982000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.149Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1185, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "333", + "object_id": 333, + "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 100\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(inlineJS)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"333\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.202000\"], \"last_reviewed_by\": 
[\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.204000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.186Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1186, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "334", + "object_id": 334, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 61\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"334\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 
14:45:13.417000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.420000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.226Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1187, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "335", + "object_id": 335, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 161\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"335\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.631000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.635000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.267Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1188, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "336", + "object_id": 336, + "object_repr": "Errors unhandled.-G104", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 41\\nIssue Confidence: HIGH\\n\\nCode:\\ntemplate.ExecuteTemplate(w, name, data)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"336\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.917000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.920000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.306Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1189, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "337", + "object_id": 337, + "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 45\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(text)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"337\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:14.148000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:14.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.345Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1190, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "338", + "object_id": 338, + "object_repr": "Password field with autocomplete enabled", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password field with autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. 
If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"id\": [\"None\", \"338\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:56.374000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:56.377000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.391Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1191, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "339", + "object_id": 339, + "object_repr": "Frameable response (potential Clickjacking)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. 
By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"id\": [\"None\", \"339\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:56.664000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:56.668000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-09T17:47:20.432Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1192, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "340", + "object_id": 340, + "object_repr": "Cross-site scripting (reflected)", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. 
For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. 
And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. 
\\n\"], \"id\": [\"None\", \"340\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.169000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.173000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.479Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1193, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "341", + "object_id": 341, + "object_repr": "Unencrypted communications", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use 
transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"id\": [\"None\", \"341\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.467000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.469000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.526Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1194, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "342", + "object_id": 342, + "object_repr": "Password 
returned in later response", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"342\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.725000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.728000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.568Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1195, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "343", + "object_id": 343, + "object_repr": "Email addresses disclosed", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were 
disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. 
Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"id\": [\"None\", \"343\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.976000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.978000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.610Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1196, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": 
"344", + "object_id": 344, + "object_repr": "Cross-site request forgery", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"id\": [\"None\", \"344\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.316000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.319000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.655Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1197, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "345", + "object_id": 345, + "object_repr": "SQL injection", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\\n\"], \"id\": [\"None\", \"345\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.571000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.575000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.700Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1198, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "346", + "object_id": 346, + "object_repr": "Path-relative style sheet import", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": 
[\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"id\": [\"None\", \"346\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.868000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.871000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.747Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1199, + "fields": { + "content_type": [ + "dojo", + "test_import" + ], + "object_pk": "347", + "object_id": 347, + "object_repr": "Cleartext submission of password", + "serialized_data": null, + "action": 0, + "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, 
which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"347\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:59.333000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:59.337000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:20.793Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1200, + "fields": { + "content_type": [ + "dojo", + "finding" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "XSS template", + "serialized_data": null, + "action": 0, + "changes": "{\"description\": [\"None\", \"XSS test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"title\": [\"None\", \"XSS template\"], \"severity\": [\"None\", \"HIGH\"]}", + "actor": null, + "remote_addr": null, + "timestamp": 
"2025-01-09T17:47:20.836Z", + "additional_data": null + } +}, +{ + "model": "auditlog.logentry", + "pk": 1203, + "fields": { + "content_type": [ + "dojo", + "finding_group" + ], + "object_pk": "1", + "object_id": 1, + "object_repr": "Simple Builtin Risk Acceptance", + "serialized_data": null, + "action": 0, + "changes": "{\"created\": [\"None\", \"2024-01-28 23:13:08.520000\"], \"name\": [\"None\", \"Simple Builtin Risk Acceptance\"], \"recommendation\": [\"None\", \"F\"], \"decision\": [\"None\", \"A\"], \"decision_details\": [\"None\", \"These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. Unaccept and use full risk acceptance if you need to have more control over those fields.\"], \"path\": [\"None\", \"\"], \"owner\": [\"None\", \"(admin)\"], \"reactivate_expired\": [\"None\", \"True\"], \"restart_sla_expired\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"updated\": [\"None\", \"2024-01-28 23:13:08.520000\"]}", + "actor": null, + "remote_addr": null, + "timestamp": "2025-01-09T17:47:21.137Z", + "additional_data": null + } +}, +{ + "model": "dojo.regulation", + "pk": 1, + "fields": { + "name": "Payment Card Industry Data Security Standard", + "acronym": "PCI DSS", + "category": "finance", + "jurisdiction": "United States", + "description": "The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.", + "reference": "http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard" + } +}, +{ + "model": "dojo.regulation", + "pk": 2, + "fields": { + "name": "Health Insurance Portability and Accountability Act", + "acronym": "HIPAA", + "category": "medical", + "jurisdiction": "United States", + "description": "The Health Insurance Portability and Accountability Act of 1996 
(HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", + "reference": "http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 3, + "fields": { + "name": "Family Educational Rights and Privacy Act", + "acronym": "FERPA", + "category": "education", + "jurisdiction": "United States", + "description": "The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records after that student is 18 years old. The law applies only to educational agencies and institutions that receive funding under a program administered by the U.S. Department of Education. 
Other regulations under this act, effective starting January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate student IDs and e-mail addresses.", + "reference": "http://en.wikipedia.org/wiki/Family_Educational_Rights_and_Privacy_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 4, + "fields": { + "name": "Sarbanes–Oxley Act", + "acronym": "SOX", + "category": "finance", + "jurisdiction": "United States", + "description": "The Sarbanes–Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", + "reference": "http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 5, + "fields": { + "name": "Gramm–Leach–Bliley Act", + "acronym": "GLBA", + "category": "finance", + "jurisdiction": "United States", + "description": "The Gramm–Leach–Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. 
Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", + "reference": "http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 6, + "fields": { + "name": "Personal Information Protection and Electronic Documents Act", + "acronym": "PIPEDA", + "category": "privacy", + "jurisdiction": "Canada", + "description": "The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.", + "reference": "http://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 7, + "fields": { + "name": "Data Protection Act 1998", + "acronym": "DPA", + "category": "privacy", + "jurisdiction": "United Kingdom", + "description": "The Data Protection Act 1998 (DPA) is an Act of Parliament of the United Kingdom of Great Britain and Northern Ireland which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring British law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. 
In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.", + "reference": "http://en.wikipedia.org/wiki/Data_Protection_Act_1998" + } +}, +{ + "model": "dojo.regulation", + "pk": 8, + "fields": { + "name": "Children's Online Privacy Protection Act", + "acronym": "COPPA", + "category": "privacy", + "jurisdiction": "United States", + "description": "The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. 
While children under 13 can legally give out personal information with their parents' permission, many websites disallow underage children from using their services altogether due to the amount of cash and work involved in the law compliance.", + "reference": "http://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 9, + "fields": { + "name": "California Security Breach Information Act", + "acronym": "CA SB-1386", + "category": "privacy", + "jurisdiction": "United States, California", + "description": "In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information. The Act, which went into effect July 1, 2003, was created to help stem the increasing incidence of identity theft.", + "reference": "http://en.wikipedia.org/wiki/California_S.B._1386" + } +}, +{ + "model": "dojo.regulation", + "pk": 10, + "fields": { + "name": "California Online Privacy Protection Act", + "acronym": "OPPA", + "category": "privacy", + "jurisdiction": "United States, California", + "description": "The California Online Privacy Protection Act of 2003 (OPPA), effective as of July 1, 2004, is a California State Law. 
According to this law, operators of commercial websites that collect Personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy that meets certain requirements.", + "reference": "http://en.wikipedia.org/wiki/Online_Privacy_Protection_Act" + } +}, +{ + "model": "dojo.regulation", + "pk": 11, + "fields": { + "name": "Data Protection Directive", + "acronym": "Directive 95/46/EC", + "category": "privacy", + "jurisdiction": "European Union", + "description": "The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law.", + "reference": "http://en.wikipedia.org/wiki/Data_Protection_Directive" + } +}, +{ + "model": "dojo.regulation", + "pk": 12, + "fields": { + "name": "Directive on Privacy and Electronic Communications", + "acronym": "Directive 2002/58/EC", + "category": "privacy", + "jurisdiction": "European Union", + "description": "Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. 
This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.", + "reference": "http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications" + } +}, +{ + "model": "dojo.regulation", + "pk": 13, + "fields": { + "name": "General Data Protection Regulation", + "acronym": "GDPR", + "category": "privacy", + "jurisdiction": "EU & EU Data Extra-Territorial Applicability", + "description": "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.\r\n\r\nSuperseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. 
The data owner has the right to revoke this permission at any time.", + "reference": "https://www.eugdpr.org/" + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 1, + "fields": { + "user": [ + "admin" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 2, + "fields": { + "user": [ + "product_manager" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false + } +}, +{ + "model": "dojo.usercontactinfo", + "pk": 3, + "fields": { + "user": [ + "user2" + ], + "title": null, + "phone_number": "", + "cell_number": "", + "twitter_username": null, + "github_username": null, + "slack_username": null, + "slack_user_id": null, + "block_execution": false, + "force_password_reset": false + } +}, +{ + "model": "dojo.role", + "pk": 1, + "fields": { + "name": "API_Importer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 2, + "fields": { + "name": "Writer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 3, + "fields": { + "name": "Maintainer", + "is_owner": false + } +}, +{ + "model": "dojo.role", + "pk": 4, + "fields": { + "name": "Owner", + "is_owner": true + } +}, +{ + "model": "dojo.role", + "pk": 5, + "fields": { + "name": "Reader", + "is_owner": false + } +}, +{ + "model": "dojo.system_settings", + "pk": 1, + "fields": { + "enable_deduplication": false, + "delete_duplicates": false, + "max_dupes": null, + "email_from": "no-reply@example.com", + "enable_jira": false, + "enable_jira_web_hook": false, + "disable_jira_webhook_secret": false, + "jira_webhook_secret": null, + "jira_minimum_severity": null, + "jira_labels": null, + 
"add_vulnerability_id_to_jira_label": false, + "enable_github": false, + "enable_slack_notifications": false, + "slack_channel": "", + "slack_token": "", + "slack_username": "", + "enable_msteams_notifications": false, + "msteams_url": "", + "enable_mail_notifications": false, + "mail_notifications_to": "", + "enable_webhooks_notifications": false, + "webhooks_notifications_timeout": 10, + "enforce_verified_status": true, + "enforce_verified_status_jira": true, + "enforce_verified_status_product_grading": true, + "enforce_verified_status_metrics": true, + "false_positive_history": false, + "retroactive_false_positive_history": false, + "url_prefix": "", + "team_name": "", + "time_zone": "UTC", + "enable_product_grade": true, + "product_grade": "def grade_product(crit, high, med, low):\r\n health=100\r\n if crit > 0:\r\n health = 40\r\n health = health - ((crit - 1) * 5)\r\n if high > 0:\r\n if health == 100:\r\n health = 60\r\n health = health - ((high - 1) * 3)\r\n if med > 0:\r\n if health == 100:\r\n health = 80\r\n health = health - ((med - 1) * 2)\r\n if low > 0:\r\n if health == 100:\r\n health = 95\r\n health = health - low\r\n\r\n if health < 5:\r\n health = 5\r\n\r\n return health", + "product_grade_a": 90, + "product_grade_b": 80, + "product_grade_c": 70, + "product_grade_d": 60, + "product_grade_f": 59, + "enable_product_tag_inheritance": false, + "enable_benchmark": true, + "enable_template_match": false, + "enable_similar_findings": true, + "engagement_auto_close": false, + "engagement_auto_close_days": 3, + "enable_finding_sla": true, + "enable_notify_sla_active": false, + "enable_notify_sla_active_verified": false, + "enable_notify_sla_jira_only": false, + "enable_notify_sla_exponential_backoff": false, + "allow_anonymous_survey_repsonse": false, + "credentials": "", + "disclaimer": "", + "risk_acceptance_form_default_days": 180, + "risk_acceptance_notify_before_expiration": 10, + "enable_credentials": true, + "enable_questionnaires": true, + 
"enable_checklists": true, + "enable_endpoint_metadata_import": true, + "enable_user_profile_editable": true, + "enable_product_tracking_files": true, + "enable_finding_groups": true, + "enable_ui_table_based_searching": true, + "enable_calendar": true, + "default_group": null, + "default_group_role": null, + "default_group_email_pattern": "", + "minimum_password_length": 9, + "maximum_password_length": 48, + "number_character_required": true, + "special_character_required": true, + "lowercase_character_required": true, + "uppercase_character_required": true, + "non_common_password_required": true, + "api_expose_error_details": false, + "filter_string_matching": false + } +}, +{ + "model": "dojo.product_type", + "pk": 1, + "fields": { + "name": "Research and Development", + "description": null, + "critical_product": false, + "key_product": false, + "updated": null, + "created": null + } +}, +{ + "model": "dojo.product_type", + "pk": 2, + "fields": { + "name": "Commerce", + "description": null, + "critical_product": true, + "key_product": false, + "updated": "2021-11-04T09:27:38.846Z", + "created": null + } +}, +{ + "model": "dojo.product_type", + "pk": 3, + "fields": { + "name": "Billing", + "description": null, + "critical_product": false, + "key_product": true, + "updated": "2021-11-04T09:27:51.762Z", + "created": null + } +}, +{ + "model": "dojo.report_type", + "pk": 1, + "fields": { + "name": "Type 1" + } +}, +{ + "model": "dojo.report_type", + "pk": 2, + "fields": { + "name": "Type 2" + } +}, +{ + "model": "dojo.report_type", + "pk": 3, + "fields": { + "name": "Type 3" + } +}, +{ + "model": "dojo.test_type", + "pk": 1, + "fields": { + "name": "API Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 2, + "fields": { + "name": "Static Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + 
"model": "dojo.test_type", + "pk": 3, + "fields": { + "name": "Pen Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 4, + "fields": { + "name": "Nessus Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 5, + "fields": { + "name": "Web Application Test", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 6, + "fields": { + "name": "Security Research", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 7, + "fields": { + "name": "Threat Modeling", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 8, + "fields": { + "name": "Veracode Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 9, + "fields": { + "name": "Burp Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 10, + "fields": { + "name": "Nexpose Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 11, + "fields": { + "name": "ZAP Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 12, + "fields": { + "name": "Checkmarx Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 13, + "fields": { + "name": "OpenVAS CSV", + 
"static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 14, + "fields": { + "name": "Bandit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 15, + "fields": { + "name": "SSL Labs Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 16, + "fields": { + "name": "AppSpider Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 17, + "fields": { + "name": "Dependency Check Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 18, + "fields": { + "name": "Generic Findings Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 19, + "fields": { + "name": "Nmap Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 20, + "fields": { + "name": "Node Security Platform Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 21, + "fields": { + "name": "Qualys Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 22, + "fields": { + "name": "Qualys Web App Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 23, + "fields": { + "name": "Retire.js Scan", + "static_tool": false, + 
"dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 24, + "fields": { + "name": "SKF Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 25, + "fields": { + "name": "Snyk Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 27, + "fields": { + "name": "Trustwave", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 28, + "fields": { + "name": "VCG Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 29, + "fields": { + "name": "Manual Code Review", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 30, + "fields": { + "name": "Gosec Scanner", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 31, + "fields": { + "name": "NPM Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 32, + "fields": { + "name": "Clair Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 33, + "fields": { + "name": "Acunetix Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 34, + "fields": { + "name": "Acunetix360 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, 
+{ + "model": "dojo.test_type", + "pk": 35, + "fields": { + "name": "Anchore Engine Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 36, + "fields": { + "name": "Anchore Enterprise Policy Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 37, + "fields": { + "name": "Anchore Grype", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 38, + "fields": { + "name": "Aqua Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 39, + "fields": { + "name": "Arachni Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 40, + "fields": { + "name": "AuditJS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 41, + "fields": { + "name": "AWS Prowler Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 42, + "fields": { + "name": "AWS Scout2 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 43, + "fields": { + "name": "AWS Security Hub Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 44, + "fields": { + "name": "Azure Security Center Recommendations Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + 
"model": "dojo.test_type", + "pk": 45, + "fields": { + "name": "Blackduck Hub Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 46, + "fields": { + "name": "Blackduck Component Risk", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 47, + "fields": { + "name": "Brakeman Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 48, + "fields": { + "name": "BugCrowd Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 49, + "fields": { + "name": "Bundler-Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 50, + "fields": { + "name": "Burp REST API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 51, + "fields": { + "name": "Burp Enterprise Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 52, + "fields": { + "name": "Burp GraphQL API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 53, + "fields": { + "name": "CargoAudit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 54, + "fields": { + "name": "CCVS Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 55, 
+ "fields": { + "name": "Checkmarx Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 56, + "fields": { + "name": "Checkmarx OSA", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 57, + "fields": { + "name": "Checkov Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 58, + "fields": { + "name": "Rusty Hog Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 59, + "fields": { + "name": "Clair Klar Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 60, + "fields": { + "name": "Cloudsploit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 61, + "fields": { + "name": "Cobalt.io Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 62, + "fields": { + "name": "Cobalt.io API Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 63, + "fields": { + "name": "Contrast Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 64, + "fields": { + "name": "Coverity API", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 65, + "fields": { + "name": "Crashtest Security 
JSON File", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 66, + "fields": { + "name": "Crashtest Security XML File", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 67, + "fields": { + "name": "CredScan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 68, + "fields": { + "name": "CycloneDX Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 69, + "fields": { + "name": "DawnScanner Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 70, + "fields": { + "name": "Dependency Track Finding Packaging Format (FPF) Export", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 71, + "fields": { + "name": "Detect-secrets Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 72, + "fields": { + "name": "Dockle Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 73, + "fields": { + "name": "DrHeader JSON Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 74, + "fields": { + "name": "DSOP Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 75, + "fields": { + "name": 
"ESLint Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 76, + "fields": { + "name": "Fortify Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 77, + "fields": { + "name": "Github Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 78, + "fields": { + "name": "GitLab API Fuzzing Report Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 79, + "fields": { + "name": "GitLab Container Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 80, + "fields": { + "name": "GitLab DAST Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 81, + "fields": { + "name": "GitLab Dependency Scanning Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 82, + "fields": { + "name": "GitLab SAST Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 83, + "fields": { + "name": "GitLab Secret Detection Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 84, + "fields": { + "name": "Gitleaks Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 85, + "fields": 
{ + "name": "HackerOne Cases", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 86, + "fields": { + "name": "Hadolint Dockerfile check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 87, + "fields": { + "name": "Harbor Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 88, + "fields": { + "name": "HuskyCI Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 89, + "fields": { + "name": "IBM AppScan DAST", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 90, + "fields": { + "name": "Immuniweb Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 91, + "fields": { + "name": "IntSights Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 92, + "fields": { + "name": "JFrog Xray Unified Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 93, + "fields": { + "name": "JFrog Xray Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 94, + "fields": { + "name": "KICS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 95, + "fields": { + "name": "Kiuwan Scan", 
+ "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 96, + "fields": { + "name": "kube-bench Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 97, + "fields": { + "name": "Meterian Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 98, + "fields": { + "name": "Microfocus Webinspect Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 99, + "fields": { + "name": "MobSF Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 100, + "fields": { + "name": "Mobsfscan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 101, + "fields": { + "name": "Mozilla Observatory Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 102, + "fields": { + "name": "Nessus WAS Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 103, + "fields": { + "name": "Netsparker Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 104, + "fields": { + "name": "Nikto Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 105, + "fields": { + "name": "Nuclei Scan", + "static_tool": false, + 
"dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 106, + "fields": { + "name": "Openscap Vulnerability Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 107, + "fields": { + "name": "ORT evaluated model Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 108, + "fields": { + "name": "OssIndex Devaudit SCA Scan Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 109, + "fields": { + "name": "Outpost24 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 110, + "fields": { + "name": "PHP Security Audit v2", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 111, + "fields": { + "name": "PHP Symfony Security Check", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 112, + "fields": { + "name": "PMD Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 113, + "fields": { + "name": "Qualys Infrastructure Scan (WebGUI XML)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 114, + "fields": { + "name": "Qualys Webapp Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 115, + "fields": { + "name": 
"Risk Recon API Importer", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 117, + "fields": { + "name": "SARIF", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 118, + "fields": { + "name": "Scantist Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 119, + "fields": { + "name": "Scout Suite Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 120, + "fields": { + "name": "Semgrep JSON Report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 121, + "fields": { + "name": "SonarQube Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 122, + "fields": { + "name": "SonarQube Scan detailed", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 123, + "fields": { + "name": "SonarQube API Import", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 124, + "fields": { + "name": "Sonatype Application Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 125, + "fields": { + "name": "SpotBugs Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 126, + "fields": { + "name": "Sslscan", + 
"static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 127, + "fields": { + "name": "SSLyze Scan (JSON)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 128, + "fields": { + "name": "Sslyze Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 129, + "fields": { + "name": "Terrascan Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 130, + "fields": { + "name": "Testssl Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 131, + "fields": { + "name": "TFSec Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 132, + "fields": { + "name": "Trivy Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 133, + "fields": { + "name": "Trufflehog Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 134, + "fields": { + "name": "Trufflehog3 Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 135, + "fields": { + "name": "Trustwave Scan (CSV)", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 136, + "fields": { + "name": "Trustwave Fusion API Scan", + "static_tool": false, + 
"dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 137, + "fields": { + "name": "Twistlock Image Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 138, + "fields": { + "name": "Wapiti Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 139, + "fields": { + "name": "WFuzz JSON report", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 140, + "fields": { + "name": "WhiteHat Sentinel", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 141, + "fields": { + "name": "Mend Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 142, + "fields": { + "name": "Wpscan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 143, + "fields": { + "name": "Xanitizer Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 144, + "fields": { + "name": "Yarn Audit Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.test_type", + "pk": 149, + "fields": { + "name": "JFrog Xray On Demand Binary Scan", + "static_tool": false, + "dynamic_tool": false, + "active": true, + "dynamically_generated": false + } +}, +{ + "model": "dojo.sla_configuration", + "pk": 1, + "fields": { + "name": "Default", + "description": "The Default SLA Configuration. 
Products not using an explicit SLA Configuration will use this one.", + "critical": 7, + "enforce_critical": true, + "high": 30, + "enforce_high": true, + "medium": 90, + "enforce_medium": true, + "low": 120, + "enforce_low": true, + "async_updating": false + } +}, +{ + "model": "dojo.tagulous_product_tags", + "pk": 1, + "fields": { + "name": "retire", + "slug": "retire", + "count": 1, + "protected": false + } +}, +{ + "model": "dojo.product", + "pk": 1, + "fields": { + "name": "BodgeIt", + "description": "[Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "product_manager" + ], + "created": null, + "prod_type": 2, + "updated": "2025-01-17T16:52:28.298Z", + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 5, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "internal", + "user_records": 1000000000, + "revenue": "1000.00", + "external_audience": true, + "internet_accessible": true, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [ + 13, + 1 + ], + "tags": [ + "retire" + ] + } +}, +{ + "model": "dojo.product", + "pk": 2, + "fields": { + "name": "Internal CRM App", + "description": "* New product in development that attempts to follow all best practices", + "product_manager": [ + "product_manager" + ], + 
"technical_contact": [ + "product_manager" + ], + "team_manager": [ + "user2" + ], + "created": null, + "prod_type": 2, + "updated": "2025-01-17T16:52:28.346Z", + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": 51, + "business_criticality": "medium", + "platform": "web", + "lifecycle": "construction", + "origin": "internal", + "user_records": null, + "revenue": null, + "external_audience": false, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [], + "tags": [] + } +}, +{ + "model": "dojo.product", + "pk": 3, + "fields": { + "name": "Apple Accounting Software", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "product_manager": [ + "admin" + ], + "technical_contact": [ + "user2" + ], + "team_manager": [ + "user2" + ], + "created": null, + "prod_type": 3, + "updated": null, + "sla_configuration": 1, + "tid": 0, + "prod_numeric_grade": null, + "business_criticality": "high", + "platform": "web", + "lifecycle": "production", + "origin": "purchased", + "user_records": 5000, + "revenue": null, + "external_audience": true, + "internet_accessible": false, + "enable_product_tag_inheritance": false, + "enable_simple_risk_acceptance": false, + "enable_full_risk_acceptance": true, + "disable_sla_breach_notifications": false, + "async_updating": false, + "regulations": [ + 5 + ], + "tags": [] + } +}, +{ + "model": "dojo.tool_type", + "pk": 1, + "fields": { + "name": 
"DAST", + "description": "Dynamic Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 2, + "fields": { + "name": "SAST", + "description": "Static Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 3, + "fields": { + "name": "IAST", + "description": "Interactive Application Security Testing" + } +}, +{ + "model": "dojo.tool_type", + "pk": 4, + "fields": { + "name": "Source Code", + "description": "Source Code Management" + } +}, +{ + "model": "dojo.tool_type", + "pk": 5, + "fields": { + "name": "Build Sever", + "description": "Build Server" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 1, + "fields": { + "name": "Tool Configuration 1", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 1, + "authentication_type": "Password", + "extras": null, + "username": "user1", + "password": "user1", + "auth_title": "", + "ssh": "", + "api_key": "" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 2, + "fields": { + "name": "Tool Configuration 2", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 2, + "authentication_type": "API", + "extras": null, + "username": "", + "password": "", + "auth_title": "test key", + "ssh": "", + "api_key": "test string" + } +}, +{ + "model": "dojo.tool_configuration", + "pk": 3, + "fields": { + "name": "Tool Configuration 3", + "description": "test configuration", + "url": "http://www.example.com", + "tool_type": 3, + "authentication_type": "SSH", + "extras": null, + "username": "", + "password": "", + "auth_title": "test ssh", + "ssh": "test string", + "api_key": "" + } +}, +{ + "model": "dojo.tagulous_engagement_tags", + "pk": 2, + "fields": { + "name": "pci", + "slug": "pci", + "count": 2, + "protected": false + } +}, +{ + "model": "dojo.engagement", + "pk": 1, + "fields": { + "name": "1st Quarter Engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + 
"target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "updated": null, + "created": null, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 2, + "fields": { + "name": "April Monthly Engagement", + "description": "Requested by the team for regular manual checkup by the security team.", + "version": null, + "first_contacted": null, + "target_start": "2021-06-30", + "target_end": "2021-06-30", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "updated": "2021-11-04T09:15:49.870Z", + "created": null, + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": 
"dojo.engagement", + "pk": 3, + "fields": { + "name": "weekly engagement", + "description": "test Engagement", + "version": null, + "first_contacted": null, + "target_start": "2021-06-21", + "target_end": "2021-06-22", + "lead": [ + "product_manager" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "updated": null, + "created": null, + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 4, + "fields": { + "name": "Static Scan", + "description": "Initial static scan for Bodgeit.", + "version": "v.1.2.0", + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-10", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "updated": "2021-11-04T09:14:58.726Z", + "created": "2021-11-04T09:01:00.647Z", + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + 
"notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 6, + "fields": { + "name": "Quarterly PCI Scan", + "description": "Reccuring Quarterly Scan", + "version": null, + "first_contacted": null, + "target_start": "2022-01-19", + "target_end": "2022-01-26", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "updated": "2021-11-04T09:26:47.339Z", + "created": "2021-11-04T09:25:29.380Z", + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [ + "pci" + ], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 7, + "fields": { + "name": "Ad Hoc Engagement", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-03", + "target_end": "2021-11-03", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 2, + "updated": "2021-11-04T09:36:15.136Z", + "created": "2021-11-04T09:36:15.136Z", + "active": false, + "tracker": null, + "test_strategy": null, + "threat_model": true, + "api_test": true, + "pen_test": true, + "check_list": true, + "status": "", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + 
"source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 8, + "fields": { + "name": "Initial Assessment", + "description": "This application needs to be assesed to determine the security posture.", + "version": "10.2.1", + "first_contacted": null, + "target_start": "2021-12-20", + "target_end": "2021-12-27", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 3, + "updated": "2021-11-04T09:44:29.481Z", + "created": "2021-11-04T09:42:51.116Z", + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Not Started", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 10, + "fields": { + "name": "Multiple scanners", + "description": "Example engagement with multiple scan types.", + "version": "1.2.1", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "updated": "2021-11-05T06:49:39.475Z", + "created": "2021-11-05T06:44:35.773Z", + "active": false, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + 
"status": "Completed", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [ + "pci" + ], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 11, + "fields": { + "name": "Manual PenTest", + "description": "Please do a manual pentest before our next release to prod.", + "version": "1.9.1", + "first_contacted": null, + "target_start": "2021-12-30", + "target_end": "2022-01-02", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "updated": "2021-11-05T06:55:42.622Z", + "created": "2021-11-05T06:54:11.880Z", + "active": true, + "tracker": null, + "test_strategy": "", + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Blocked", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 12, + "fields": { + "name": "CI/CD Baseline Security Test", + "description": "", + "version": "1.1.2", + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-11", + "lead": [ + "admin" + ], + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "updated": "2021-11-05T07:07:44.126Z", + 
"created": "2021-11-05T07:06:26.136Z", + "active": false, + "tracker": "https://github.com/psiinon/bodgeit", + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "Completed", + "progress": "other", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "CI/CD", + "build_id": "89", + "commit_hash": "b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6", + "branch_tag": "master", + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": "https://github.com/psiinon/bodgeit", + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.engagement", + "pk": 13, + "fields": { + "name": "AdHoc Import - Fri, 17 Aug 2018 18:20:55", + "description": null, + "version": null, + "first_contacted": null, + "target_start": "2021-11-04", + "target_end": "2021-11-04", + "lead": null, + "requester": null, + "preset": null, + "reason": null, + "report_type": null, + "product": 1, + "updated": "2021-11-05T10:43:05.446Z", + "created": "2021-11-05T10:43:05.446Z", + "active": true, + "tracker": null, + "test_strategy": null, + "threat_model": false, + "api_test": false, + "pen_test": false, + "check_list": false, + "status": "In Progress", + "progress": "threat_model", + "tmodel_path": "none", + "done_testing": false, + "engagement_type": "Interactive", + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "build_server": null, + "source_code_management_server": null, + "source_code_management_uri": null, + "orchestration_engine": null, + "deduplication_on_engagement": false, + "notes": [], + "files": [], + "risk_acceptance": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 1, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "127.0.0.1", + "port": 80, + "path": 
"/endpoint/420/edit/", + "query": null, + "fragment": null, + "product": 2, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 2, + "fields": { + "protocol": "ftp", + "userinfo": null, + "host": "localhost", + "port": 21, + "path": "/", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 3, + "fields": { + "protocol": "ssh", + "userinfo": null, + "host": "127.0.0.1", + "port": 22, + "path": null, + "query": null, + "fragment": null, + "product": 3, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 4, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/login.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 5, + "fields": { + "protocol": null, + "userinfo": null, + "host": "127.0.0.1", + "port": null, + "path": null, + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 6, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/register.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 7, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/password.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 8, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": 
"/bodgeit/", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 9, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/basket.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 10, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/advanced.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 11, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/admin.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 12, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/about.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 13, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/contact.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 14, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/home.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 15, + "fields": { + "protocol": "http", + "userinfo": null, + 
"host": "localhost", + "port": 8888, + "path": "/bodgeit/product.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 16, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/score.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 17, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/search.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 18, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.endpoint", + "pk": 19, + "fields": { + "protocol": "http", + "userinfo": null, + "host": "localhost", + "port": 8888, + "path": "/bodgeit/logout.jsp", + "query": null, + "fragment": null, + "product": 1, + "endpoint_params": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.development_environment", + "pk": 1, + "fields": { + "name": "AWS" + } +}, +{ + "model": "dojo.development_environment", + "pk": 2, + "fields": { + "name": "Staging" + } +}, +{ + "model": "dojo.development_environment", + "pk": 3, + "fields": { + "name": "Production" + } +}, +{ + "model": "dojo.development_environment", + "pk": 4, + "fields": { + "name": "Test" + } +}, +{ + "model": "dojo.development_environment", + "pk": 5, + "fields": { + "name": "Pre-prod" + } +}, +{ + "model": "dojo.development_environment", + "pk": 6, + "fields": { + "name": "Lab" + } +}, +{ + "model": "dojo.development_environment", + "pk": 7, + 
"fields": { + "name": "Development" + } +}, +{ + "model": "dojo.test", + "pk": 3, + "fields": { + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "estimated_time": "00:00:00", + "actual_time": "00:00:00", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 13, + "fields": { + "engagement": 2, + "lead": [ + "product_manager" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-03-21T01:00:00Z", + "target_end": "2021-03-22T01:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 14, + "fields": { + "engagement": 1, + "lead": null, + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-02-18T00:00:00Z", + "target_end": "2021-02-27T00:00:00Z", + "estimated_time": "02:00:00", + "actual_time": "00:30:00", + "percent_complete": 100, + "environment": 1, + "updated": null, + "created": null, + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 15, + "fields": { + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + 
"target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:01:30.563Z", + "created": "2021-11-04T09:01:30.563Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 16, + "fields": { + "engagement": 4, + "lead": [ + "admin" + ], + "test_type": 12, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-03T00:00:00Z", + "target_end": "2021-11-03T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-04T09:03:25.139Z", + "created": "2021-11-04T09:03:25.139Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 18, + "fields": { + "engagement": 6, + "lead": [ + "admin" + ], + "test_type": 21, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2022-01-19T00:00:00Z", + "target_end": "2022-01-24T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:26:34.003Z", + "created": "2021-11-04T09:25:46.327Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 19, + "fields": { + "engagement": 7, + "lead": null, + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T09:36:15.180Z", + "target_end": "2021-11-04T09:36:15.180Z", + "estimated_time": null, 
+ "actual_time": null, + "percent_complete": null, + "environment": null, + "updated": "2021-11-04T09:36:15.180Z", + "created": "2021-11-04T09:36:15.180Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 20, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 1, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:43:09.101Z", + "created": "2021-11-04T09:43:09.101Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 21, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 19, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": null, + "environment": 2, + "updated": "2021-11-04T09:43:23.410Z", + "created": "2021-11-04T09:43:23.410Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 22, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": null, + "environment": 3, + "updated": 
"2021-11-04T09:43:41.711Z", + "created": "2021-11-04T09:43:41.711Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 23, + "fields": { + "engagement": 8, + "lead": [ + "admin" + ], + "test_type": 11, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-12-20T00:00:00Z", + "target_end": "2021-12-27T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": null, + "environment": 3, + "updated": "2021-11-04T09:44:01.815Z", + "created": "2021-11-04T09:44:01.815Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 25, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 17, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:44:35.814Z", + "created": "2021-11-05T06:44:35.814Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 26, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 28, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:46:06.450Z", + "created": "2021-11-05T06:46:06.450Z", + "version": null, + 
"build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 28, + "fields": { + "engagement": 10, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T06:47:17.517Z", + "created": "2021-11-05T06:47:17.518Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 29, + "fields": { + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 29, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": null, + "environment": 3, + "updated": "2021-11-05T06:54:23.989Z", + "created": "2021-11-05T06:54:23.989Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 30, + "fields": { + "engagement": 11, + "lead": [ + "admin" + ], + "test_type": 3, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-11T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": null, + "environment": 5, + "updated": "2021-11-05T06:54:35.499Z", + "created": "2021-11-05T06:54:35.499Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + 
"notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 31, + "fields": { + "engagement": 12, + "lead": [ + "admin" + ], + "test_type": 30, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T07:07:18.034Z", + "created": "2021-11-05T07:07:18.034Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.test", + "pk": 32, + "fields": { + "engagement": 13, + "lead": [ + "admin" + ], + "test_type": 9, + "scan_type": null, + "title": null, + "description": null, + "target_start": "2021-11-04T00:00:00Z", + "target_end": "2021-11-04T00:00:00Z", + "estimated_time": null, + "actual_time": null, + "percent_complete": 100, + "environment": 7, + "updated": "2021-11-05T10:43:05.485Z", + "created": "2021-11-05T10:43:05.485Z", + "version": null, + "build_id": null, + "commit_hash": null, + "branch_tag": null, + "api_scan_configuration": null, + "notes": [], + "files": [], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 2, + "fields": { + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, 
+ "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.707Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": null, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 3, + "fields": { + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": 
"2025-01-17T16:52:13.280Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": null, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 4, + "fields": { + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.297Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, 
+ "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": null, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 5, + "fields": { + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:12.850Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + 
"mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": null, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 6, + "fields": { + "title": "High Impact Test Finding", + "date": "2021-03-21", + "sla_start_date": null, + "sla_expiration_date": "2021-04-20", + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "test finding", + "mitigation": "test mitigation", + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.314Z", + "review_requested_by": [ + "admin" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "admin" + ], + "is_mitigated": false, + "thread_id": 11, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": 
"S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", + "line": null, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": null, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 7, + "fields": { + "title": "Dummy Finding", + "date": "2021-03-20", + "sla_start_date": null, + "sla_expiration_date": "2021-04-19", + "cwe": 1, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "http://www.example.com", + "severity": "High", + "description": "TEST finding", + "mitigation": "MITIGATION", + "impact": "HIGH", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 3, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.331Z", + "review_requested_by": [ + "product_manager" + ], + "under_defect_review": false, + "defect_review_requested_by": [ + "product_manager" + ], + "is_mitigated": false, + "thread_id": 1, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "product_manager" + ], + "numerical_severity": "S1", + "last_reviewed": null, + "last_reviewed_by": null, + "param": 
null, + "payload": null, + "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", + "line": 100, + "file_path": "", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": null, + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 1 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 8, + "fields": { + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } 
else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:32.587Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:32.590Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": 
null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 9, + "fields": { + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.758Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:32.763Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": 
"2021-11-04T09:01:32.769Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 10, + "fields": { + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:32.945Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:32.948Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 11, + "fields": { + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new 
PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.527Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.122Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:33.124Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 12, + "fields": { + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + 
"description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 
24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:33.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:33.268Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + 
"sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 13, + "fields": { + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:33.435Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:33.438Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 14, + "fields": { + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.599Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:33.602Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 15, + "fields": { + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.344Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:33.755Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 16, + "fields": { + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.192Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:33.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + 
"component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:33.905Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 17, + "fields": { + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + 
"is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.056Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:34.060Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 18, + "fields": { + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** 
Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.659Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:34.209Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": 
"dojo.finding", + "pk": 19, + "fields": { + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 
374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"
\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.772Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:34.370Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:34.373Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 20, + "fields": { + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + 
"cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source 
Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.486Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:34.527Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:34.530Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + 
"found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 21, + "fields": { + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.933Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.699Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:34.702Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 22, + "fields": { + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = 
comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.396Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:34.861Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:34.865Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 23, + "fields": { + "title": "Stored Boundary Violation (login.jsp)", + "date": 
"2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.227Z", + "review_requested_by": null, + "under_defect_review": false, + 
"defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.037Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:35.040Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 24, + "fields": { + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure 
cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.053Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:35.231Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + 
"planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 25, + "fields": { + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 
15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:35.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:35.388Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, 
+ "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 26, + "fields": { + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.301Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.561Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + 
"dynamic_finding": false, + "created": "2021-11-04T09:01:35.563Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 27, + "fields": { + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + 
"last_status_update": "2025-01-17T16:52:15.640Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.724Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:35.729Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 28, + "fields": { + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** 
String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": 
"2025-01-17T16:52:15.577Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:35.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:35.904Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 29, + "fields": { + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.542Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:36.151Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 30, + "fields": { + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products 
where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.394Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:36.397Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + 
"pk": 31, + "fields": { + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.642Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": 
"S3", + "last_reviewed": "2021-11-04T09:01:36.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:36.586Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 32, + "fields": { + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.977Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + 
"mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:36.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:36.781Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 33, + "fields": { + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + 
"steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.583Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:36.972Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:36.976Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 34, + "fields": { + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP 
Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.145Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + 
"mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:37.211Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 35, + "fields": { + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + 
"false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:37.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:37.495Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 36, + "fields": { + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.138Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": 
"2021-11-04T09:01:37.702Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 37, + "fields": { + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.165Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + 
"mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:37.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:37.894Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 38, + "fields": { + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** 
basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.328Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.079Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:38.083Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 39, + "fields": { + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + 
"verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.306Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.277Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:38.281Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 40, + "fields": { + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.989Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.495Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:38.499Z", + "scanner_confidence": null, 
+ "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 41, + "fields": { + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.038Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:38.690Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:38.694Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 42, + "fields": { + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": 
"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:38.891Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:38.895Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 43, + "fields": { + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": 
false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.727Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.102Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:39.107Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 44, + "fields": { + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.686Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.295Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:39.298Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 45, + "fields": { + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection 
flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = 
(String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:39.444Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:39.448Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + 
"found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 46, + "fields": { + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.443Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": 
false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:39.613Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:39.616Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 47, + "fields": { + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line 
Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.551Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:39.809Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:39.814Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + 
"publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 48, + "fields": { + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.964Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + 
"thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.001Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:40.005Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 49, + "fields": { + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.605Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.173Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:40.176Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 50, + "fields": { + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:40.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": 
null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:40.355Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 51, + "fields": { + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source 
Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.724Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:40.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:40.539Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 52, + "fields": { + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.598Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": 
"2021-11-04T09:01:40.710Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:40.715Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 53, + "fields": { + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.582Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:40.865Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:40.869Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 54, + "fields": { + "title": "Heap Inspection (login.jsp)", + "date": 
"2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.271Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.019Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:41.022Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + 
"sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 55, + "fields": { + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.820Z", + "review_requested_by": null, + "under_defect_review": false, 
+ "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.175Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:41.178Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 56, + "fields": { + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken 
authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.516Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.332Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + 
"dynamic_finding": false, + "created": "2021-11-04T09:01:41.335Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 57, + "fields": { + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = 
stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.970Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.491Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:41.494Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + 
"vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 58, + "fields": { + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": 
false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.505Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:41.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:41.669Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 59, + "fields": { + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.084Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:41.817Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:41.820Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 60, + "fields": { + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 
20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.499Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:41.970Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:41.972Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 61, + "fields": { + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.376Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + 
"admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:42.130Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 62, + "fields": { + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.836Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:42.298Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:42.302Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 63, + "fields": { + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + 
"epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 
29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"
\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.855Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.453Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:42.457Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 64, + "fields": { + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + 
"epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.552Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.617Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + 
"file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:42.620Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 65, + "fields": { + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 
57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.547Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:42.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:42.796Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 66, + "fields": { + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + 
"duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.025Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:42.953Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:42.956Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 67, + "fields": { + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.789Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, 
+ "dynamic_finding": false, + "created": "2021-11-04T09:01:43.115Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 68, + "fields": { + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, 
+ "under_review": false, + "last_status_update": "2025-01-17T16:52:14.881Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:43.267Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:43.269Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 69, + "fields": { + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.831Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": 
"2021-11-04T09:01:43.428Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:43.431Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 70, + "fields": { + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + 
"out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.980Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.592Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:43.595Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 71, + "fields": { + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.521Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.749Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:43.752Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 72, + "fields": { + "title": 
"Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.785Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:43.927Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:43.931Z", + 
"scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 73, + "fields": { + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.274Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.088Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:44.091Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + 
"tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 74, + "fields": { + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.247Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:44.250Z", + 
"scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 75, + "fields": { + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.518Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:44.408Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 76, + "fields": { + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": 
"2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** 
c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.347Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:44.595Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:44.599Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 77, + "fields": { + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": 
null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.680Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:44.794Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:44.798Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 78, + "fields": { + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line 
Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + 
"last_reviewed": "2021-11-04T09:01:44.955Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:44.961Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 79, + "fields": { + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + 
"steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.239Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.164Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:45.167Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 80, + "fields": { + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** 
JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.334Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.335Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:45.338Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + 
"tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 81, + "fields": { + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.208Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + 
"mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.492Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:45.495Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 82, + "fields": { + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source 
Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.664Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:45.667Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 83, + "fields": { + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + 
"severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.793Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:45.809Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + 
"inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 84, + "fields": { + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:45.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:45.947Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + 
"sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 85, + "fields": { + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.595Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.090Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:46.093Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 86, + "fields": { + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP 
Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.149Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.239Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:46.242Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": 
[], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 87, + "fields": { + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.810Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.413Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:46.417Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 88, + "fields": { + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:46.579Z", + "last_reviewed_by": [ + "admin" 
+ ], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:46.582Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 89, + "fields": { + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.118Z", + "review_requested_by": 
null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:46.727Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:46.729Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 90, + "fields": { + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.823Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:46.880Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + 
"payload": null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:46.883Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 91, + "fields": { + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.029Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + 
"payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:47.032Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 92, + "fields": { + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) 
request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.331Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.166Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:47.169Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 93, + "fields": { + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": 
"**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.478Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": 
"2021-11-04T09:01:47.311Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:47.314Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 94, + "fields": { + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line 
Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.765Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.456Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:47.459Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 95, + "fields": { + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.907Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.612Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:47.615Z", + "scanner_confidence": 
null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 96, + "fields": { + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 
22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.439Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:47.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:47.776Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 97, + "fields": { + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** 
prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.222Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:47.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:47.932Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": 
null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 98, + "fields": { + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.086Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + 
"static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:48.091Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 99, + "fields": { + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.685Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.245Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": 
"/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:48.247Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 100, + "fields": { + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.461Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.415Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": 
true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:48.418Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 101, + "fields": { + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.251Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:48.572Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:48.575Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 102, + "fields": { + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.939Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:48.730Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:48.732Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 103, + "fields": { + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.589Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:48.887Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:48.890Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 104, + "fields": { + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.107Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + 
"reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.057Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:49.061Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 105, + "fields": { + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.892Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:49.230Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + 
], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 106, + "fields": { + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + 
"verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.168Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.387Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:49.390Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 107, + "fields": { + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.825Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.551Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:49.553Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 108, + "fields": { + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - 
Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.318Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, 
+ "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.693Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:49.698Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 109, + "fields": { + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** 
\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** 
basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.072Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:49.844Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:49.847Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 110, + "fields": { + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + 
"epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.897Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:49.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + 
"dynamic_finding": false, + "created": "2021-11-04T09:01:49.992Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 111, + "fields": { + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.338Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + 
"admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.130Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:50.133Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 112, + "fields": { + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.753Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:50.272Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + 
"inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 113, + "fields": { + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source 
Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source 
Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.249Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:50.422Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:50.425Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 114, + "fields": { + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + 
"epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.091Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": 
"2021-11-04T09:01:50.580Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:50.583Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 115, + "fields": { + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.561Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.754Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:50.757Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + 
"sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 116, + "fields": { + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.130Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:50.913Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:50.920Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 117, + "fields": { + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.926Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:51.097Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:51.100Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], 
+ "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 118, + "fields": { + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 
15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.958Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.299Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:51.303Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 119, + "fields": { + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + 
"cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.848Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:51.529Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 120, + "fields": { + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.706Z", + "review_requested_by": null, + "under_defect_review": 
false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:51.704Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 121, + "fields": { + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.397Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:51.881Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": 
"2021-11-04T09:01:51.884Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 122, + "fields": { + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line 
Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.414Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:52.056Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 123, + 
"fields": { + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.613Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.202Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:52.205Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + 
"sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 124, + "fields": { + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.718Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.347Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:52.350Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 125, + "fields": { + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.763Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.508Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:52.512Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 
126, + "fields": { + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 
15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.806Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:52.662Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:52.665Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 127, + "fields": { + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.407Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:52.803Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:52.806Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + 
"sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 128, + "fields": { + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.196Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:52.966Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:52.969Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 129, + "fields": { + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.638Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.112Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:53.115Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 130, + "fields": { + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** 
Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.011Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.269Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:53.272Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 131, + "fields": { 
+ "title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + 
"verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:01:53.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:53.428Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 132, + "fields": { + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + 
rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.218Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:53.603Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:53.606Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + 
"inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 133, + "fields": { + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:53.772Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 134, + "fields": { + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 
11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.281Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:53.915Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:53.918Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 135, + "fields": { + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.473Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.068Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:54.071Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 136, + "fields": { + "title": "Information Exposure Through an Error 
Message (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.733Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:01:54.216Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:54.219Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 137, + "fields": { + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site 
request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 
10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.403Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, 
+ "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:54.406Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 138, + "fields": { + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + 
"severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.632Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:01:54.581Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:54.584Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 139, + "fields": { + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 15, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": 
"S3", + "last_reviewed": "2021-11-04T09:01:54.760Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:01:54.769Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 140, + "fields": { + "title": "SQL Injection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = 
(String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.706Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:27.309Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:27.312Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + 
"sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 141, + "fields": { + "title": "Download of Code Without Integrity Check (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.743Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:27.476Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", + "line": 1, + "file_path": 
"/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:27.478Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 142, + "fields": { + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + 
"last_reviewed": "2021-11-04T09:03:27.647Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:27.650Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 143, + "fields": { + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line 
Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.510Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.829Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", + "line": 134, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:27.832Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 144, + "fields": { + "title": "Improper Resource Shutdown or Release (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, 
+ "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = 
ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.315Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:27.990Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", + "line": 25, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:27.993Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + 
"vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 145, + "fields": { + "title": "Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:28.177Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:28.179Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 146, + "fields": { + "title": "HttpOnlyCookies (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.437Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.351Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", + "line": 46, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:28.355Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 147, + "fields": { + "title": "CGI Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.359Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.522Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:28.525Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 148, + "fields": { + "title": "Hardcoded Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.175Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:28.689Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": 
null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:28.692Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 149, + "fields": { + "title": "Client Insecure Randomness (encryption.js)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.365Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + 
"thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:28.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", + "line": 127, + "file_path": "/root/js/encryption.js", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:28.867Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 150, + "fields": { + "title": "SQL Injection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + 
"admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.036Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:29.039Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 151, + "fields": { + "title": "Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"
\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.756Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:29.190Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:29.194Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 152, + "fields": { + "title": "CGI Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + 
"cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source 
Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.470Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.358Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:29.361Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + 
"found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 153, + "fields": { + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 329, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.547Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", + "line": 96, + "file_path": "/src/com/thebodgeitstore/util/AES.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:29.549Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 154, + "fields": { + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 182, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = 
comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.411Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.698Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:29.701Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 155, + "fields": { + "title": "Stored Boundary Violation (login.jsp)", + "date": 
"2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 646, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.244Z", + "review_requested_by": null, + "under_defect_review": false, + 
"defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:29.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:29.850Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 156, + "fields": { + "title": "Hardcoded Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure 
cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.069Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:29.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:29.992Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + 
"planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 157, + "fields": { + "title": "Blind SQL Injections (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 
15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.270Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.136Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:30.139Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + 
"effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 158, + "fields": { + "title": "Heap Inspection (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.316Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.279Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", + "line": 10, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + 
"dynamic_finding": false, + "created": "2021-11-04T09:03:30.281Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 159, + "fields": { + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + 
"last_status_update": "2025-01-17T16:52:15.624Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.448Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:30.451Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 160, + "fields": { + "title": "Trust Boundary Violation (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 501, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** 
String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": 
"2025-01-17T16:52:15.593Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:30.594Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", + "line": 22, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:30.598Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 161, + "fields": { + "title": "Information Exposure Through an Error Message (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.557Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.751Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", + "line": 53, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:30.754Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 162, + "fields": { + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products 
where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.056Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:30.910Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", + "line": 280, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:30.913Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + 
"pk": 163, + "fields": { + "title": "Empty Password in Connection String (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": 
"S3", + "last_reviewed": "2021-11-04T09:03:31.073Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:31.075Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 164, + "fields": { + "title": "Improper Resource Access Authorization (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.993Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": 
null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:31.228Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 165, + "fields": { + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + 
"steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.379Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:31.382Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 166, + "fields": { + "title": "Hardcoded Password in Connection String (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP 
Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.160Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + 
"mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.520Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:31.524Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 167, + "fields": { + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + 
"false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.484Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:31.672Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", + "line": 1, + "file_path": "/root/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:31.675Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 168, + "fields": { + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.153Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.821Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", + "line": 130, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": 
"2021-11-04T09:03:31.824Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 169, + "fields": { + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.181Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + 
"mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:31.973Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", + "line": 56, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:31.976Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 170, + "fields": { + "title": "CGI Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** 
basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.313Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:32.130Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 171, + "fields": { + "title": "Suspected XSS (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + 
"verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.291Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.272Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", + "line": 57, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:32.275Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 172, + "fields": { + "title": "Hardcoded Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.006Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.424Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:32.427Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 173, + "fields": { + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.022Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.576Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:32.579Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 174, + "fields": { + "title": "Empty Password in Connection String (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": 
"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.691Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:32.746Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:32.750Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 175, + "fields": { + "title": "Download of Code Without Integrity Check (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": 
false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.711Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:32.906Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", + "line": 1, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:32.910Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 176, + "fields": { + "title": "Information Exposure Through an Error Message (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.670Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.071Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", + "line": 41, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:33.073Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 177, + "fields": { + "title": "SQL Injection (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection 
flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = 
(String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.644Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:33.227Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:33.230Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + 
"found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 178, + "fields": { + "title": "Empty Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.427Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": 
false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.392Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:33.396Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 179, + "fields": { + "title": "CGI Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line 
Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.535Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:33.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:33.589Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + 
"publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 180, + "fields": { + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 315, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.948Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + 
"thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:33.758Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 181, + "fields": { + "title": "Information Exposure Through an Error Message (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:33.917Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", + "line": 75, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:33.921Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 182, + "fields": { + "title": "Hardcoded Password in Connection String (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.974Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.096Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": 
null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:34.101Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 183, + "fields": { + "title": "Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source 
Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.741Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:34.258Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:34.261Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 184, + "fields": { + "title": "Download of Code Without Integrity Check (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.615Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": 
"2021-11-04T09:03:34.454Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", + "line": 1, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:34.457Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 185, + "fields": { + "title": "Empty Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.597Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:34.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:34.632Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 186, + "fields": { + "title": "Heap Inspection (login.jsp)", + "date": 
"2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.286Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.807Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", + "line": 8, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:34.811Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + 
"sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 187, + "fields": { + "title": "Download of Code Without Integrity Check (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.804Z", + "review_requested_by": null, + "under_defect_review": false, 
+ "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:34.989Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", + "line": 1, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:34.992Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 188, + "fields": { + "title": "Session Fixation (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken 
authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.143Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", + "line": 48, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": 
false, + "created": "2021-11-04T09:03:35.146Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 189, + "fields": { + "title": "Stored XSS (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = 
stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.955Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", + "line": 49, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:35.308Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + 
"vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 190, + "fields": { + "title": "Empty Password in Connection String (dbconnection.jspf)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": 
true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.489Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:35.484Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", + "line": 1, + "file_path": "/root/dbconnection.jspf", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:35.488Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 191, + "fields": { + "title": "Hardcoded Password in Connection String (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.099Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.652Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:35.655Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 192, + "fields": { + "title": "Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 
20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.515Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:35.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:35.814Z", + "scanner_confidence": null, + 
"sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 193, + "fields": { + "title": "HttpOnlyCookies (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.361Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + 
"admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:35.980Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", + "line": 38, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:35.984Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 194, + "fields": { + "title": "Download of Code Without Integrity Check (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.851Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:36.148Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", + "line": 1, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:36.152Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 195, + "fields": { + "title": "Stored XSS (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + 
"epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 
29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"
\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.870Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.359Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", + "line": 31, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:36.364Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 196, + "fields": { + "title": "Empty Password in Connection String (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + 
"epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.567Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.552Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", + "line": 1, + "file_path": 
"/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:36.557Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 197, + "fields": { + "title": "Reflected XSS All Clients (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += 
\" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.563Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:36.756Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", + "line": 96, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:36.760Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 198, + "fields": { + "title": "Improper Resource Access Authorization (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": 
false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.009Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:36.938Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", + "line": 42, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:36.944Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 199, + "fields": { + "title": "Download of Code Without Integrity Check (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.773Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.127Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", + "line": 1, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + 
"dynamic_finding": false, + "created": "2021-11-04T09:03:37.131Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 200, + "fields": { + "title": "Download of Code Without Integrity Check (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + 
"under_review": false, + "last_status_update": "2025-01-17T16:52:14.866Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:37.333Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:37.335Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 201, + "fields": { + "title": "Improper Resource Access Authorization (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.815Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": 
"2021-11-04T09:03:37.526Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", + "line": 55, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:37.529Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 202, + "fields": { + "title": "Race Condition Format Flaw (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + 
"out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.995Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.701Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", + "line": 262, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:37.704Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 203, + "fields": { + "title": "Empty Password in Connection String (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.536Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:37.900Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", + "line": 89, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:37.904Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 204, + "fields": { + "title": 
"Improper Resource Access Authorization (FunctionalZAP.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.769Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.093Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", + "line": 31, + "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:38.097Z", + 
"scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 205, + "fields": { + "title": "Suspected XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.260Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.265Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:38.273Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": 
[], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 206, + "fields": { + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.655Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:38.494Z", + 
"scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 207, + "fields": { + "title": "CGI Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.501Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:38.720Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:38.726Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 208, + "fields": { + "title": "Improper Resource Shutdown or Release (init.jsp)", + "date": 
"2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** 
c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.363Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:38.918Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:38.922Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 209, + "fields": { + "title": "Download of Code Without Integrity Check (header.jsp)", + "date": "2019-11-17", + "sla_start_date": 
null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.695Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.095Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", + "line": 87, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:39.098Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 210, + "fields": { + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line 
Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.234Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + 
"last_reviewed": "2021-11-04T09:03:39.256Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:39.259Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 211, + "fields": { + "title": "Blind SQL Injections (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + 
"steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.255Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.461Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:39.465Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 212, + "fields": { + "title": "Client DOM Open Redirect (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 601, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** 
JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.350Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:39.627Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", + "line": 48, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:39.630Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": 
[], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 213, + "fields": { + "title": "Hardcoded Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.224Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + 
"mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.784Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:39.787Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 214, + "fields": { + "title": "CGI Stored XSS (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source 
Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:39.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", + "line": 257, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:39.936Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 215, + "fields": { + "title": "Use of Insufficiently Random Values (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + 
"severity": "Medium", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.809Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.129Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:40.133Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + 
"inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 216, + "fields": { + "title": "Missing X Frame Options (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 829, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.288Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:40.291Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + 
"sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 217, + "fields": { + "title": "Reflected XSS All Clients (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.578Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:40.452Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", + "line": 18, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:40.455Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 218, + "fields": { + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP 
Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.134Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.621Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", + "line": 84, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:40.624Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": 
[], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 219, + "fields": { + "title": "Information Exposure Through an Error Message (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.795Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:40.777Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", + "line": 37, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:40.780Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 220, + "fields": { + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.732Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:40.984Z", + "last_reviewed_by": [ + "admin" + 
], + "param": null, + "payload": null, + "hash_code": "d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", + "line": 26, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:40.990Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 221, + "fields": { + "title": "Reliance on Cookies in a Decision (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.103Z", + "review_requested_by": 
null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.158Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", + "line": 56, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:41.162Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 222, + "fields": { + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.839Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:41.402Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": 
null, + "hash_code": "2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", + "line": 68, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:41.406Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 223, + "fields": { + "title": "CGI Stored XSS (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line 
Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.596Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", + "line": 21, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": 
null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:41.600Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 224, + "fields": { + "title": "Heap Inspection (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, 
+ "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.345Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:41.769Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", + "line": 7, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:41.772Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 225, + "fields": { + "title": "Improper Resource Shutdown or Release (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.493Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:41.944Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + 
"hash_code": "763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", + "line": 57, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:41.947Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 226, + "fields": { + "title": "Information Exposure Through an Error Message (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG 
System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.780Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.126Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", + "line": 70, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:42.129Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 227, + "fields": { + "title": "Improper Resource Access Authorization (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.296Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:42.301Z", + "scanner_confidence": 
null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 228, + "fields": { + "title": "CGI Stored XSS (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 
22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.455Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.479Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", + "line": 29, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:42.482Z", + "scanner_confidence": null, + "sonarqube_issue": 
null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 229, + "fields": { + "title": "Blind SQL Injections (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** 
prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.204Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:42.667Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:42.670Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": 
null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 230, + "fields": { + "title": "HttpOnlyCookies in Config (web.xml)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.469Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:42.855Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", + "line": 1, + "file_path": "/build/WEB-INF/web.xml", + "component_name": null, + "component_version": null, + 
"static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:42.875Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 231, + "fields": { + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 321, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.249Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", + "line": 53, + "file_path": "/src/com/thebodgeitstore/util/AES.java", 
+ "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:43.252Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 232, + "fields": { + "title": "Improper Resource Shutdown or Release (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java 
Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.445Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:43.516Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:43.521Z", + 
"scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 233, + "fields": { + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.266Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:43.811Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", + "line": 141, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:43.816Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 234, + "fields": { + "title": "Stored XSS (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.922Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:44.082Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", + "line": 19, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:44.090Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 235, + "fields": { + "title": "Information Exposure Through an Error Message (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.573Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.305Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", + "line": 65, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:44.309Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 236, + "fields": { + "title": "Improper Resource Access Authorization (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.123Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + 
"reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.500Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", + "line": 14, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:44.506Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 237, + "fields": { + "title": "Improper Resource Access Authorization (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.876Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.700Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", + "line": 14, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:44.703Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], 
+ "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 238, + "fields": { + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + 
"false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.185Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:44.930Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", + "line": 40, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:44.936Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 239, + "fields": { + "title": "Information Exposure Through an Error Message (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.841Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.147Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", + "line": 58, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:45.150Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 240, + "fields": { + "title": "Blind SQL Injections (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - 
Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.302Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + 
"mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.382Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", + "line": 30, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:45.387Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 241, + "fields": { + "title": "Reliance on Cookies in a Decision (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 784, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** 
\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** 
basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.087Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:45.583Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", + "line": 45, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:45.588Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 242, + "fields": { + "title": "Download of Code Without Integrity Check (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + 
"epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.911Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:45.806Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + 
"dynamic_finding": false, + "created": "2021-11-04T09:03:45.816Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 243, + "fields": { + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 567, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.322Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" 
+ ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.034Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", + "line": 93, + "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:46.040Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 244, + "fields": { + "title": "Empty Password in Connection String (search.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.738Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.316Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", + "line": 1, + "file_path": "/root/search.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:46.325Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + 
"inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 245, + "fields": { + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source 
Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source 
Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.201Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:46.567Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:46.571Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 246, + "fields": { + "title": "Improper Resource Access Authorization (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + 
"epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.074Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": 
"2021-11-04T09:03:46.793Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", + "line": 14, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:46.801Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 247, + "fields": { + "title": "Session Fixation (logout.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 384, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.546Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", + "line": 3, + "file_path": "/root/logout.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:47.007Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + 
"sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 248, + "fields": { + "title": "Hardcoded Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.115Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.225Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:47.229Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 249, + "fields": { + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 547, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.942Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:47.440Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:47.445Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + 
"files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 250, + "fields": { + "title": "Improper Resource Access Authorization (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 
15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.938Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.659Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", + "line": 15, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:47.662Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 251, + "fields": { + "title": "Improper Resource Access Authorization (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + 
"cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.862Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:47.864Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", + "line": 91, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:47.867Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": 
null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 252, + "fields": { + "title": "Empty Password in Connection String (score.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.722Z", + "review_requested_by": null, + "under_defect_review": false, + 
"defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.015Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", + "line": 1, + "file_path": "/root/score.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:48.018Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 253, + "fields": { + "title": "Improper Resource Shutdown or Release (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.380Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.171Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": 
"2021-11-04T09:03:48.175Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 254, + "fields": { + "title": "Improper Resource Shutdown or Release (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line 
Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.429Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.378Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", + "line": 97, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:48.382Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 255, + 
"fields": { + "title": "Empty Password in Connection String (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.628Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.560Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", + "line": 1, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:48.563Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + 
"sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 256, + "fields": { + "title": "Information Exposure Through an Error Message (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.702Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:48.755Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", + "line": 63, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:48.761Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 257, + "fields": { + "title": "Use of Insufficiently Random Values (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.748Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:48.954Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:48.957Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 258, 
+ "fields": { + "title": "Stored XSS (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + 
"active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.788Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:49.157Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", + "line": 89, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:49.162Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 259, + "fields": { + "title": "HttpOnlyCookies (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 10706, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:49.535Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", + "line": 35, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:49.539Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": 
null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 260, + "fields": { + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 614, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.211Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.716Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", + "line": 61, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:49.721Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 261, + "fields": { + "title": "Information Exposure Through an Error Message (header.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.654Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:49.923Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", + "line": 99, + "file_path": "/root/header.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:49.927Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 262, + "fields": { + "title": "Race Condition Format Flaw (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 362, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** 
Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.026Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.131Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", + "line": 51, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:50.136Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 263, + "fields": { + 
"title": "Stored XSS (product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + 
"verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.887Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:50.345Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", + "line": 49, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:50.351Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 264, + "fields": { + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + 
rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.282Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:50.571Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", + "line": 274, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:50.575Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": 
[] + } +}, +{ + "model": "dojo.finding", + "pk": 265, + "fields": { + "title": "Heap Inspection (init.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 244, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.240Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.772Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", + "line": 1, + "file_path": "/root/init.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:50.779Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 266, + "fields": { + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 
11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:50.988Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", + "line": 37, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:50.992Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 267, + "fields": { + "title": "Empty Password in Connection String (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 259, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.458Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.206Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", + "line": 1, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:51.212Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 268, + "fields": { + "title": "Information Exposure Through an Error Message 
(product.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 209, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.749Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:51.380Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", + "line": 98, + "file_path": "/root/product.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:51.383Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 269, + "fields": { + "title": "XSRF (password.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 352, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site 
request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 
10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.824Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.541Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", + "line": 24, + "file_path": "/root/password.jsp", + "component_name": null, + 
"component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:51.544Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 270, + "fields": { + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + 
"severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.648Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:51.719Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", + "line": 1, + "file_path": "/root/advanced.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:51.721Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 271, + "fields": { + "title": "Improper Resource Access Authorization (register.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.041Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": 
"S3", + "last_reviewed": "2021-11-04T09:03:51.872Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", + "line": 29, + "file_path": "/root/register.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:51.877Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 272, + "fields": { + "title": "Download of Code Without Integrity Check (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 494, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.664Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.046Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e", + "line": 1, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:52.049Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 273, + "fields": { + "title": "Improper Resource Access Authorization 
(admin.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 285, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 
383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.800Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.205Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099", + "line": 12, + "file_path": "/root/admin.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:52.209Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 274, + "fields": { + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 338, + "cve": null, + "epss_score": null, + 
"epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.609Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.385Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2", + "line": 54, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:52.388Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + 
"planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 275, + "fields": { + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-03-16", + "cwe": 404, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:17.298Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-04T09:03:52.568Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b", + "line": 29, + "file_path": "/root/contact.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:52.571Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 276, + "fields": { + "title": "Reflected XSS All Clients (login.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 79, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 
46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.531Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:52.766Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e", + "line": 78, + "file_path": "/root/login.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:52.771Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 277, + "fields": { + "title": "Use of Insufficiently Random Values (home.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2020-02-15", + "cwe": 330, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "**Category:** \n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.778Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-04T09:03:52.933Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a", + "line": 24, + "file_path": "/root/home.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:52.938Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + 
"reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 278, + "fields": { + "title": "SQL Injection (basket.jsp)", + "date": "2019-11-17", + "sla_start_date": null, + "sla_expiration_date": "2019-12-17", + "cwe": 89, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "High", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 
354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "mitigation": "N/A", + "impact": "N/A", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 16, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.612Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-04T09:03:53.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9", + "line": 173, + "file_path": "/root/basket.jsp", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-04T09:03:53.124Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 12 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 279, + "fields": { + "title": "Test", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": null, + "cve": null, + "epss_score": null, + "epss_percentile": null, + 
"cvssv3": null, + "cvssv3_score": null, + "url": "No url given", + "severity": "Info", + "description": "asdf", + "mitigation": "adf", + "impact": "asdf", + "steps_to_reproduce": "", + "severity_justification": "", + "references": "No references given", + "test": 19, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.675Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": null, + "last_reviewed_by": null, + "param": null, + "payload": null, + "hash_code": "df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-04T09:36:25.003Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 3 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 280, + "fields": { + "title": "Notepad++.exe | CVE-2007-2666", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + 
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.440Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + 
"thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:35.859Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T06:44:35.863Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 17 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 281, + "fields": { + "title": "Notepad++.exe | CVE-2008-3436", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 1035, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: 
http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n", + "test": 25, + "active": false, + "verified": false, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.456Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:44:36.137Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb", + "line": null, + "file_path": "notepad++.exe", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T06:44:36.140Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 17 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 282, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + 
"cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.352Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:06.480Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:06.484Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + 
"model": "dojo.finding", + "pk": 283, + "fields": { + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.001Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:06.674Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:06.676Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + 
"planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 284, + "fields": { + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.127Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:06.854Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:06.857Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 285, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.513Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.052Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": 
null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:07.054Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 286, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.481Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": 
"S4", + "last_reviewed": "2021-11-05T06:46:07.231Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:07.234Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 287, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": 
"2025-01-17T16:52:18.467Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.426Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:07.429Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 288, + "fields": { + "title": ".NET Debugging Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Medium", + "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. 
This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.986Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:46:07.616Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:07.619Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 289, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, 
+ "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.452Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:07.815Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:07.818Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 290, + "fields": { 
+ "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.438Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.021Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:08.024Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + 
"planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 291, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.423Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.212Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:08.214Z", + "scanner_confidence": null, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 292, + "fields": { + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.157Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.405Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": 
null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:08.407Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 293, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.408Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + 
"numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.574Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:08.576Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 294, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": 
"2025-01-17T16:52:18.395Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:08.770Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:08.774Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 295, + "fields": { + "title": "URL Request Gets Path From Variable", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Low", + "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.142Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:46:08.991Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:08.994Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 296, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": 
null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.528Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.155Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:09.157Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + 
"tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 297, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.496Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.334Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:09.337Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 298, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.381Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.511Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + 
"created": "2021-11-05T06:46:09.514Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 299, + "fields": { + "title": "Comment Indicates Potentially Unfinished Code", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. 
Try to set it to null or something.\n", + "mitigation": "", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": null, + "test": 26, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.366Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:46:09.697Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": false, + "created": "2021-11-05T06:46:09.700Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 28 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 300, + "fields": { + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Low", + "description": "URL: 
http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.095Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:17.890Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 301, + "fields": { + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: 
http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. 
However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.606Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:18.169Z", + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 302, + "fields": { + "title": "Cross-Site Scripting (Reflected)", + "date": 
"2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.375Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, 
+ "created": "2021-11-05T06:47:18.645Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 303, + "fields": { + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.173Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + 
"admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:18.860Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 304, + "fields": { + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. 
This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.078Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:19.072Z", + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, 
+{ + "model": "dojo.finding", + "pk": 305, + "fields": { + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox 
addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.590Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:19.278Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 306, + "fields": { + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. 
However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.543Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:19.559Z", + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 307, + "fields": { 
+ "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.422Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:19.783Z", + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 308, + "fields": { + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + 
"sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.639Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + 
"mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:20.049Z", + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 309, + "fields": { + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains 
a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 28, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.346Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T06:47:38.584Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T06:47:20.461Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 310, + "fields": { + "title": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.187Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.064Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:18.067Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], 
+ "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 311, + "fields": { + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.219Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:18.317Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:18.320Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + 
"planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 312, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.981Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.590Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:18.592Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 313, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.951Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:18.813Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:18.815Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + 
"sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 314, + "fields": { + "title": "SQL String Formatting-G201", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.094Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/sqli/function.go", + "component_name": null, 
+ "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:19.003Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 315, + "fields": { + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.017Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.199Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:19.202Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 316, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.997Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.409Z", + 
"last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:19.412Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 317, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.935Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ 
+ "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:19.618Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:19.621Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 318, + "fields": { + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.140Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + 
"is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:19.848Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:19.850Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 319, + "fields": { + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.124Z", + 
"review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:20.054Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:20.057Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 320, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": 
false, + "last_status_update": "2025-01-17T16:52:15.966Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.246Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:20.248Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 321, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": 
false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.889Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.438Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:20.441Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 322, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + 
"severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.631Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:20.634Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 323, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", + 
"mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.857Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:20.808Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95", + "line": null, + "file_path": "/vagrant/go/src/govwa/app.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:20.811Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 324, + "fields": { + "title": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.236Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.002Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:21.004Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + 
"inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 325, + "fields": { + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.203Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.189Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:21.191Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + 
"planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 326, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.904Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.366Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:21.369Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 327, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.919Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:21.559Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", + "line": null, + "file_path": "/vagrant/go/src/govwa/setting/setting.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:21.561Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + 
"sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 328, + "fields": { + "title": "Use of Weak Cryptographic Primitive-G401", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.109Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.741Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:21.744Z", + "scanner_confidence": null, + "sonarqube_issue": 
null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 329, + "fields": { + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.032Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:21.928Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", + "component_name": null, + "component_version": null, + "static_finding": 
true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:21.930Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 330, + "fields": { + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.048Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.121Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca", + "line": null, + "file_path": 
"/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:22.124Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 331, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.014Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.306Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": 
"9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/cookie.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:22.308Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 332, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:15.873Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.548Z", + 
"last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:22.551Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 333, + "fields": { + "title": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.156Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:22.771Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:22.773Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": 
[], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 334, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.081Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:22.986Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", + "line": null, + "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:22.989Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + 
"reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 335, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.065Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.200Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa", + "line": null, + "file_path": "/vagrant/go/src/govwa/user/user.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:23.204Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + 
"planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 336, + "fields": { + "title": "Errors Unhandled.-G104", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Low", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.030Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T07:07:23.486Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:23.489Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 337, + "fields": { + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": "N/A", + "severity": "Medium", + "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", + "mitigation": "coming soon", + "impact": "", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 31, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.172Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T07:07:23.717Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66", + "line": null, + "file_path": "/vagrant/go/src/govwa/util/template.go", + "component_name": null, + "component_version": null, + "static_finding": true, + "dynamic_finding": false, + "created": "2021-11-05T07:07:23.721Z", + "scanner_confidence": null, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + 
"sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 30 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 338, + "fields": { + "title": "Password Field With Autocomplete Enabled", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", + "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. 
In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", + "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.111Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:05.943Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:05.946Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + 
"nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 339, + "fields": { + "title": "Frameable Response (Potential Clickjacking)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", + "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", + "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.622Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:06.233Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:06.237Z", + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 340, + "fields": { + "title": "Cross-Site Scripting (Reflected)", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "URL: 
http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.391Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:06.738Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, 
+ "created": "2021-11-05T10:43:06.742Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 341, + "fields": { + "title": "Unencrypted Communications", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-03-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Low", + "description": "URL: http://localhost:8888/\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", + "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:16.189Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S3", + "last_reviewed": "2021-11-05T10:43:07.036Z", + "last_reviewed_by": [ + 
"admin" + ], + "param": null, + "payload": null, + "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:07.038Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 342, + "fields": { + "title": "Password Returned in Later Response", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2022-02-01", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Medium", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", + "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", + "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. 
This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:14.063Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S2", + "last_reviewed": "2021-11-05T10:43:07.294Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:07.297Z", + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, 
+{ + "model": "dojo.finding", + "pk": 343, + "fields": { + "title": "Email Addresses Disclosed", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", + "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox 
addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", + "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.575Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.545Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:07.547Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + 
"unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 344, + "fields": { + "title": "Cross-Site Request Forgery", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", + "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. 
However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", + "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.559Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:07.885Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:07.888Z", + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 345, + "fields": { 
+ "title": "SQL Injection", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\n \nThe database appears to be Microsoft SQL Server.\n\n", + "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", + "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.406Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.140Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:08.144Z", + "scanner_confidence": 4, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 346, + "fields": { + "title": "Path-Relative Style Sheet Import", + "date": "2021-11-03", + "sla_start_date": null, + 
"sla_expiration_date": null, + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "Info", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:18.658Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + 
"mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S4", + "last_reviewed": "2021-11-05T10:43:08.437Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:08.440Z", + "scanner_confidence": 7, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.finding", + "pk": 347, + "fields": { + "title": "Cleartext Submission of Password", + "date": "2021-11-03", + "sla_start_date": null, + "sla_expiration_date": "2021-12-03", + "cwe": 0, + "cve": null, + "epss_score": null, + "epss_percentile": null, + "cvssv3": null, + "cvssv3_score": null, + "url": null, + "severity": "High", + "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains 
a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", + "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", + "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", + "steps_to_reproduce": null, + "severity_justification": null, + "references": "", + "test": 32, + "active": true, + "verified": true, + "false_p": false, + "duplicate": false, + "duplicate_finding": null, + "out_of_scope": false, + "risk_accepted": false, + "under_review": false, + "last_status_update": "2025-01-17T16:52:13.360Z", + "review_requested_by": null, + "under_defect_review": false, + "defect_review_requested_by": null, + "is_mitigated": false, + "thread_id": 0, + "mitigated": null, + "mitigated_by": null, + "reporter": [ + "admin" + ], + "numerical_severity": "S1", + "last_reviewed": "2021-11-05T10:43:08.902Z", + "last_reviewed_by": [ + "admin" + ], + "param": null, + "payload": null, + "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", + "line": null, + "file_path": null, + "component_name": null, + "component_version": null, + "static_finding": false, + "dynamic_finding": true, + "created": "2021-11-05T10:43:08.906Z", + "scanner_confidence": 1, + "sonarqube_issue": null, + "unique_id_from_tool": null, + "vuln_id_from_tool": null, + "sast_source_object": null, + "sast_sink_object": null, + "sast_source_line": null, + "sast_source_file_path": null, + "nb_occurences": null, + "publish_date": null, + "service": null, + "planned_remediation_date": null, + "planned_remediation_version": null, + "effort_for_fixing": null, + "reviewers": [], + "notes": [], + "files": [], + "found_by": [ + 9 + ], + "tags": [], + "inherited_tags": [] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 2, + "fields": { + "title": "test stub finding 1", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 3, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 3, + "fields": { + "title": "test stub finding 2", + "date": 
"2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 14, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.stub_finding", + "pk": 4, + "fields": { + "title": "test stub finding 3", + "date": "2021-03-09", + "severity": "High", + "description": "test stub finding", + "test": 13, + "reporter": [ + "admin" + ] + } +}, +{ + "model": "dojo.finding_template", + "pk": 1, + "fields": { + "title": "XSS template", + "cwe": null, + "cve": null, + "cvssv3": null, + "severity": "High", + "description": "XSS test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "template_match": false, + "template_match_title": false, + "tags": [] + } +}, +{ + "model": "dojo.finding_template", + "pk": 2, + "fields": { + "title": "SQLi template", + "cwe": null, + "cve": null, + "cvssv3": null, + "severity": "High", + "description": "SQLi test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "template_match": false, + "template_match_title": false, + "tags": [] + } +}, +{ + "model": "dojo.finding_template", + "pk": 3, + "fields": { + "title": "CSRF template", + "cwe": null, + "cve": null, + "cvssv3": null, + "severity": "MEDIUM", + "description": "CSRF test template", + "mitigation": "", + "impact": "", + "references": "", + "last_used": null, + "numerical_severity": null, + "template_match": false, + "template_match_title": false, + "tags": [] + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 1, + "fields": { + "finding": 300, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 2, + "fields": { + "finding": 300, + "burpRequestBase64": "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", + "burpResponseBase64": 
"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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 3, + "fields": { + "finding": 300, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 4, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 5, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 6, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 7, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 8, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + 
"burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqM
GlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXM
WxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIW
mhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 9, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 10, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ
2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK
1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 11, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 12, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 13, + "fields": { + "finding": 301, + "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 14, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 15, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 16, + "fields": { + "finding": 301, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 17, + "fields": { + "finding": 301, + "burpRequestBase64": 
"UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 18, + "fields": { + "finding": 301, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 19, + "fields": { + "finding": 302, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 20, + "fields": { + "finding": 302, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qRXdOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUl
nZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhZajVaYjNVZ2MyVmhjbU5vWldRZ1ptOXlPand2WWo0Z05UVTFMVFUxTlMwd01UazVRR1Y0WVcxd2JHVXVZMjl0YXpobWRHODhjMk55YVhCMFBtRnNaWEowS0RFcFBDOXpZM0pwY0hRK2JuZDRNMnc4WW5JdlBqeGljaTgrQ2p4a2FYWStQR0krVG04Z1VtVnpkV3gwY3lCR2IzVnVaRHd2WWo0OEwyUnBkajRLQ2p3dlptOXVkRDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzl
qWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 21, + "fields": { + "finding": 304, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 22, + "fields": { + "finding": 305, + "burpRequestBase64": "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", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qQXhOQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1RveU5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5SbGMzUkFkR1Z6ZEM1amIyMDhMMkUrQ2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOG
RISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkdmRYUXVhbk53SWo1TWIyZHZkWFE4TDJFK0NnbzhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmlZWE5yWlhRdWFuTndJajVaYjNWeUlFSmhjMnRsZER3dllUNDhMM1JrUGdvS1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSnpaV0Z5WTJndWFuTndJajVUWldGeVkyZzhMMkUrUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKc1pXWjBJaUIyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpJMUpTSStDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAySWo1RWIyOWtZV2h6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMUlqNUhhWHB0YjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUTWlQbFJvYVc1bllXMWhhbWxuY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1pSStWR2hwYm1kcFpYTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVGNpUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRRaVBsZG9ZWFJ6YVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHhJajVYYVdSblpYUnpQQzloUGp4aWNpOCtDZ284WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5Jdl
BqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0S1BDOTBaRDRLUEhSa0lIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlOekFsSWo0S0NqeG9NejVTWldkcGMzUmxjand2YURNK0NqeGljaTgrV1c5MUlHaGhkbVVnYzNWalkyVnpjMloxYkd4NUlISmxaMmx6ZEdWeVpXUWdkMmwwYUNCVWFHVWdRbTlrWjJWSmRDQlRkRzl5WlM0S0NnazhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 23, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQ
xSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFB
qeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3B
EUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 24, + "fields": { + "finding": 305, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 25, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": 
"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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 26, + "fields": { + "finding": 305, + "burpRequestBase64": "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", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU
ZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRD
VWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 27, + "fields": { + "finding": 305, + 
"burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 28, + "fields": { + "finding": 305, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 29, + "fields": { + "finding": 305, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 30, + "fields": { + "finding": 305, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 31, + "fields": { + "finding": 306, + "burpRequestBase64": 
"VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvME9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUd
oaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJ
sMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtQSEFnYzNSNWJHVTlJbU52Ykc5eU9uSmxaQ0krV1c5MUlITjFjSEJzYVdWa0lHRnVJR2x1ZG1Gc2FXUWdibUZ0WlNCdmNpQndZWE56ZDI5eVpDNDhMM0ErQ2cwS1BHZ3pQa3h2WjJsdVBDOW9NejROQ2xCc1pXRnpaU0JsYm5SbGNpQjViM1Z5SUdOeVpXUmxiblJwWVd4ek9pQThZbkl2UGp4aWNpOCtEUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGcwS0NUeGpaVzUwWlhJK0RRb0pQSFJoWW14bFBnMEtDVHgwY2o0TkNna0pQSFJrUGxWelpYSnVZVzFsT2p3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJblZ6WlhKdVlXMWxJaUJ1WVcxbFBTSjFjMlZ5Ym1GdFpTSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBIUnlQZzBLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWNHRnpjM2R2Y21RaUlHNWhiV1U5SW5CaGMzTjNiM0prSWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1BnMEtDVHd2ZEhJK0RRb0pQSFJ5UGcwS0NRazhkR1ErUEM5MFpENE5DZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljM1ZpYldsMElpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pNYjJkcGJpSStQQzlwYm5CMWRENDhMM1JrUGcwS0NUd3ZkSEkrRFFvSlBDOTBZV0pzWlQ0TkNnazhMMk5sYm5SbGNqNE5Dand2Wm05eWJUNE5Da2xtSUhsdmRTQmtiMjUwSUdoaGRtVWdZVzRnWVdOamIzVnVkQ0IzYVhSb0lIVnpJSFJvWlc0Z2NHeGxZWE5sSUR4aElHaHlaV1k5SW5KbFoybHpkR1Z5TG1wemNDSStVbVZuYVhOMFpYSThMMkUrSUc1dmR5Qm1iM0lnWVNCbWNtVmxJR0ZqWTI5MWJuUXVEUW84WW5JdlBqeGljaTgrRFFvTkNqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLRFFvTkNnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 32, + "fields": { + "finding": 307, + "burpRequestBase64": 
"VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 33, + "fields": { + "finding": 307, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 34, + "fields": { + "finding": 307, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 35, + "fields": { + "finding": 307, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 36, + "fields": { + "finding": 308, + "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 37, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 38, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand
2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0p
rT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 39, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 40, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 41, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 42, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1I
wYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ28
4ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 43, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ
4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y
0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 44, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 45, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 46, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 47, + "fields": { + "finding": 308, + "burpRequestBase64": 
"UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 48, + "fields": { + "finding": 308, + "burpRequestBase64": "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", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZ
OUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5
MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1
bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 49, + "fields": { + "finding": 308, + "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 50, + "fields": { + "finding": 308, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 51, + "fields": { + "finding": 309, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 52, + "fields": { + "finding": 309, + "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 53, + "fields": { + "finding": 309, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 54, + "fields": { + "finding": 338, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzF
wYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0l
nYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 55, + "fields": { + "finding": 338, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 56, + "fields": { + "finding": 338, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ
4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajR
LQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 57, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 58, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 59, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + 
"model": "dojo.burprawrequestresponse", + "pk": 60, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STFPQTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BITmpjbWx3ZENCMGVYQmxQU0owWlhoMEwycGhkbUZ6WTNKcGNIUWlQZ3BtZFc1amRHbHZiaUJwYm1OUmRXRnVkR2wwZVNBb2NISnZaR2xrS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVY4bklDc2djSEp2Wkdsa0tUc0tDV2xtSUNoeElDRTlJRzUxYkd3cElIc0tDUWwyWVhJZ2RtRnNJRDBnS3l0eExuWmhiSFZsT3dvSkNXbG1JQ2gyWVd3Z1BpQXhNaWtnZXdvSkNRbDJZV3dnUFNBeE1qc0tDUWw5Q2drSmNTNTJZV3gxWlNBOUlIWmhiRHNLQ1gwS2ZRcG1kVzVqZEdsdmJpQmtaV05SZFdGdWRHbDBlU0FvY0hKdlpHbGtLU0I3Q2dsMllYSWdjU0E5SUdSdlkzVnRaVzUwTG1kbGRFVnNaVzFsYm5SQ2VVbGtLQ2R4ZFdGdWRHbDBlVjhuSUNzZ2NISnZaR2xrS1RzS0NXbG1JQ2h4SUNFOUlHNTFiR3dwSUhzS0NRbDJZWElnZG1Gc0lEMGdMUzF4TG5aaGJIVmxPd29KQ1dsbUlDaDJZV3dnUENBd0tTQjdDZ2tKQ1haaGJDQTlJREE3Q2drSmZRb0pDWEV1ZG1Gc2RXVWdQU0IyWVd3N0NnbDlDbjBLUEM5elkzSnBjSFErQ2dvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFN
KalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RHVnpkRUIwWlhOMExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzkwWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTN
RdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb0tDanhvTXo1WmIzVnlJRUpoYzJ0bGREd3ZhRE0rQ2p4bWIzSnRJR0ZqZEdsdmJqMGlZbUZ6YTJWMExtcHpjQ0lnYldWMGFHOWtQU0p3YjNOMElqNEtQSFJoWW14bElHSnZjbVJsY2owaU1TSWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytVSEp2WkhWamREd3ZkR2crUEhSb1BsRjFZVzUwYVhSNVBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1BqeDBhRDVVYjNSaGJEd3ZkR2crUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEU0SWo1WGFHRjBjMmwwSUhkbGFXZG9QQzloUGp3dmRHUStDangwWkNCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ1kyVnVkR1Z5SWo0bWJtSnpjRHM4WVNCb2NtVm1QU0lqSWlCdmJtTnNhV05yUFNKa1pXTlJkV0Z1ZEdsMGVTZ3hPQ2s3SWo0OGFXMW5JSE55WXowaWFXMWhaMlZ6THpFek1DNXdibWNpSUdGc2REMGlSR1ZqY21WaGMyVWdjWFZoYm5ScGRIa2dhVzRnWW1GemEyVjBJaUJpYjNKa1pYSTlJakFpUGp3dllUNG1ibUp6Y0RzOGFXNXdkWFFnYVdROUluRjFZVzUwYVhSNVh6RTRJaUJ1WVcxbFBTSnhkV0Z1ZEdsMGVWOHhPQ0lnZG1Gc2RXVTlJakVpSUcxaGVHeGxibWQwYUQwaU1pSWdjMmw2WlNBOUlDSXlJaUJ6ZEhsc1pUMGlkR1Y0ZEMxaGJHbG5iam9nY21sbmFIUWlJRkpGUVVSUFRreFpJQzgrSm01aWMzQTdQR0VnYUhKbFpqMGlJeUlnYjI1amJHbGphejBpYVc1alVYVmhiblJwZEhrb01UZ3BPeUkrUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TWprdWNHNW5JaUJoYkhROUlrbHVZM0psWVhObElIRjFZVzUwYVhSNUlHbHVJR0poYzJ0bGRDSWdZbTl5WkdWeVBTSXdJajQ4TDJFK0ptNWljM0E3UEM5MFpENEtQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREl1TlRBOEwzUmtQZ284TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXlMalV3UEM5MFpENEtQQzkwY2o0S1BIUnlQangwWkQ1VWIzUmhiRHd2ZEdRK1BIUmtJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJqWlc1MFpYSWlQanhwYm5CMWRDQnBaRDBpZFhCa1lYUmxJaUJ1WVcxbFBTSjFjR1JoZEdVaUlIUjVjR1U5SW5OMVltMXBkQ0lnZG1Gc2RXVTlJbFZ3Wkd
GMFpTQkNZWE5yWlhRaUx6NDhMM1JrUGp4MFpENG1ibUp6Y0RzOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF5TGpVd1BDOTBaRDQ4TDNSeVBnbzhMM1JoWW14bFBnb0tQQzltYjNKdFBnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 61, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 62, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 63, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": 
"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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 64, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 65, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 66, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 67, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 68, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkU
rUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand
2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1E
rQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 69, + "fields": { + "finding": 339, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 70, + "fields": { + "finding": 339, + "burpRequestBase64": 
"UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 71, + "fields": { + "finding": 339, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 72, + "fields": { + "finding": 340, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 73, + "fields": { + "finding": 340, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 74, + "fields": { + "finding": 342, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 75, + "fields": { + "finding": 343, + "burpRequestBase64": 
"VUU5VFZDQXZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FnU0ZSVVVDOHhMakVOQ2todmMzUTZJR3h2WTJGc2FHOXpkRG80T0RnNERRcFZjMlZ5TFVGblpXNTBPaUJOYjNwcGJHeGhMelV1TUNBb1RXRmphVzUwYjNOb095QkpiblJsYkNCTllXTWdUMU1nV0NBeE1DNHhNVHNnY25ZNk5EY3VNQ2tnUjJWamEyOHZNakF4TURBeE1ERWdSbWx5WldadmVDODBOeTR3RFFwQlkyTmxjSFE2SUhSbGVIUXZhSFJ0YkN4aGNIQnNhV05oZEdsdmJpOTRhSFJ0YkN0NGJXd3NZWEJ3YkdsallYUnBiMjR2ZUcxc08zRTlNQzQ1TENvdktqdHhQVEF1T0EwS1FXTmpaWEIwTFV4aGJtZDFZV2RsT2lCbGJpMVZVeXhsYmp0eFBUQXVOUTBLUVdOalpYQjBMVVZ1WTI5a2FXNW5PaUJuZW1sd0xDQmtaV1pzWVhSbERRcFNaV1psY21WeU9pQm9kSFJ3T2k4dmJHOWpZV3hvYjNOME9qZzRPRGd2WW05a1oyVnBkQzl5WldkcGMzUmxjaTVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS1EyOXVibVZqZEdsdmJqb2dZMnh2YzJVTkNrTnZiblJsYm5RdFZIbHdaVG9nWVhCd2JHbGpZWFJwYjI0dmVDMTNkM2N0Wm05eWJTMTFjbXhsYm1OdlpHVmtEUXBEYjI1MFpXNTBMVXhsYm1kMGFEb2dOakFOQ2cwS2RYTmxjbTVoYldVOWRHVnpkQ1UwTUhSbGMzUXVZMjl0Sm5CaGMzTjNiM0prTVQxMFpYTjBNVEl6Sm5CaGMzTjNiM0prTWoxMFpYTjBNVEl6", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 76, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1I
wYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0k
rcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkdGNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ28
4TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 77, + "fields": { + "finding": 343, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 78, + "fields": { + "finding": 343, + "burpRequestBase64": "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", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSU
dGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW
5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSn
lBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 79, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 80, + "fields": { + "finding": 343, + "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1B
DOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWN
pOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 81, + "fields": { + "finding": 343, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 82, + "fields": { + "finding": 343, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 83, + "fields": { + "finding": 343, + "burpRequestBase64": "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", + "burpResponseBase64": 
"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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 84, + "fields": { + "finding": 344, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 85, + "fields": { + "finding": 345, + "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOWlZWE5yWlhRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQU5Da052Ym5SbGJuUXRWSGx3WlRvZ1lYQndiR2xqWVhScGIyNHZlQzEzZDNjdFptOXliUzExY214bGJtTnZaR1ZrRFFwRGIyNTBaVzUwTFV4bGJtZDBhRG9nTXpRTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlRzZ1lsOXBaRDB5SncwS0RRcHhkV0Z1ZEdsMGVWOHhPRDB4Sm5Wd1pHRjBaVDFWY0dSaGRHVXJRbUZ6YTJWMA==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 86, + "fields": { + "finding": 345, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0p
oWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzF
sSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 87, + "fields": { + "finding": 345, + "burpRequestBase64": "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", + "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTVNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZFhObGNqRkFkR2hsWW05a1oyVnBkSE4wYjNKbExtTnZiVHd2WVQ0S0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKb2IyMWxMbXB6Y0NJK1NHOXRaVHd2WVQ0OEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1GaWIzVjBMbXB6Y0NJK1FXSnZkWFFnVlhNOEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZMjl1ZEdGamRDNXFjM0FpUGtOdmJuUmhZM1FnVlhNOEwyRStQQzk
wWkQ0S1BDRXRMU0IwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWo0OFlTQm9jbVZtUFNKaFpHMXBiaTVxYzNBaVBrRmtiV2x1UEM5aFBqd3ZkR1F0TFQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStDZ29KQ1R4aElHaHlaV1k5SW14dloyOTFkQzVxYzNBaVBreHZaMjkxZER3dllUNEtDand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUpoYzJ0bGRDNXFjM0FpUGxsdmRYSWdRbUZ6YTJWMFBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbk5sWVhKamFDNXFjM0FpUGxObFlYSmphRHd2WVQ0OEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MGlZbTl5WkdWeUlqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUlteGxablFpSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU1qVWxJajRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRZaVBrUnZiMlJoYUhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUVWlQa2RwZW0xdmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNeUkrVkdocGJtZGhiV0ZxYVdkelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHlJajVVYUdsdVoybGxjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TnlJK1YyaGhkR05vWVcxaFkyRnNiR2wwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5DSStWMmhoZEhOcGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVEVpUGxkcFpHZGxkSE04TDJFK1BHSnlMejRLQ2p4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBnbzhMM1JrUGdvOGRHUWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0kzTUNVaVBnb05Danh3SUhOMGVXeGxQU0pqYjJ4dmNqcHlaV1FpUGxsdmRTQnpkWEJ3YkdsbFpDQmhiaUJwYm5aaGJHbGtJRzVoYldVZ2IzSWdjR0Z6YzNkdmNtUXVQQzl3UGdvTkNqeG9NejVNYjJkcGJqd3ZhRE0rRFFwUWJHVmhjMlVnWlc1MFpYSWdlVzkxY2lCamNtVmtaVzUwYVdGc2N6b2dQR0p5THo0OFluSXZQZzBLUEdadmNtMGdiV1YwYUc5a1BTSlFUMU5VSWo0TkNnazhZMlZ1ZEdWeVBnMEtDVHgwWVdKc1pUNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1VmMyVnlibUZ
0WlRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0oxYzJWeWJtRnRaU0lnYm1GdFpUMGlkWE5sY201aGJXVWlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUeDBjajROQ2drSlBIUmtQbEJoYzNOM2IzSmtPand2ZEdRK0RRb0pDVHgwWkQ0OGFXNXdkWFFnYVdROUluQmhjM04zYjNKa0lpQnVZVzFsUFNKd1lYTnpkMjl5WkNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENE5DZ2s4TDNSeVBnMEtDVHgwY2o0TkNna0pQSFJrUGp3dmRHUStEUW9KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVEc5bmFXNGlQand2YVc1d2RYUStQQzkwWkQ0TkNnazhMM1J5UGcwS0NUd3ZkR0ZpYkdVK0RRb0pQQzlqWlc1MFpYSStEUW84TDJadmNtMCtEUXBKWmlCNWIzVWdaRzl1ZENCb1lYWmxJR0Z1SUdGalkyOTFiblFnZDJsMGFDQjFjeUIwYUdWdUlIQnNaV0Z6WlNBOFlTQm9jbVZtUFNKeVpXZHBjM1JsY2k1cWMzQWlQbEpsWjJsemRHVnlQQzloUGlCdWIzY2dabTl5SUdFZ1puSmxaU0JoWTJOdmRXNTBMZzBLUEdKeUx6NDhZbkl2UGcwS0RRbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2cwS0RRbz0=" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 88, + "fields": { + "finding": 345, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 89, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 90, + "fields": { + "finding": 346, + "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 91, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 92, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 93, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": 
"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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 94, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016STVNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU
ZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeFRRMUpKVUZRK0NpQWdJQ0JzYjJGa1ptbHNaU2duTGk5cWN5OWxibU55ZVhCMGFXOXVMbXB6SnlrN0NpQWdJQ0FLSUNBZ0lIWmhjaUJyWlhrZ1BTQWlOR1U0TTJZd1pEZ3RaR1
ppTWkwMFppSTdDaUFnSUNBS0lDQWdJR1oxYm1OMGFXOXVJSFpoYkdsa1lYUmxSbTl5YlNobWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NYVmxjbmtnUFNCa2IyTjFiV1Z1ZEM1blpYUkZiR1Z0Wlc1MFFubEpaQ2duY1hWbGNua25LVHNLSUNBZ0lDQWdJQ0IyWVhJZ2NTQTlJR1J2WTNWdFpXNTBMbWRsZEVWc1pXMWxiblJDZVVsa0tDZHhKeWs3Q2lBZ0lDQWdJQ0FnZG1GeUlIWmhiQ0E5SUdWdVkzSjVjSFJHYjNKdEtHdGxlU3dnWm05eWJTazdDaUFnSUNBZ0lDQWdhV1lvZG1Gc0tYc0tJQ0FnSUNBZ0lDQWdJQ0FnY1M1MllXeDFaU0E5SUhaaGJEc0tJQ0FnSUNBZ0lDQWdJQ0FnY1hWbGNua3VjM1ZpYldsMEtDazdDaUFnSUNBZ0lDQWdmU0FnSUFvZ0lDQWdJQ0FnSUhKbGRIVnliaUJtWVd4elpUc0tJQ0FnSUgwS0lDQWdJQW9nSUNBZ1puVnVZM1JwYjI0Z1pXNWpjbmx3ZEVadmNtMG9hMlY1TENCbWIzSnRLWHNLSUNBZ0lDQWdJQ0IyWVhJZ2NHRnlZVzF6SUQwZ1ptOXliVjkwYjE5d1lYSmhiWE1vWm05eWJTa3VjbVZ3YkdGalpTZ3ZQQzluTENBbkpteDBPeWNwTG5KbGNHeGhZMlVvTHo0dlp5d2dKeVpuZERzbktTNXlaWEJzWVdObEtDOGlMMmNzSUNjbWNYVnZkRHNuS1M1eVpYQnNZV05sS0M4bkwyY3NJQ2NtSXpNNUp5azdDaUFnSUNBZ0lDQWdhV1lvY0dGeVlXMXpMbXhsYm1kMGFDQStJREFwQ2lBZ0lDQWdJQ0FnSUNBZ0lISmxkSFZ5YmlCQlpYTXVRM1J5TG1WdVkzSjVjSFFvY0dGeVlXMXpMQ0JyWlhrc0lERXlPQ2s3Q2lBZ0lDQWdJQ0FnY21WMGRYSnVJR1poYkhObE93b2dJQ0FnZlFvZ0lDQWdDaUFnSUNBS0lDQWdJQW84TDFORFVrbFFWRDRLSUNBZ0lBbzhhRE0rVTJWaGNtTm9QQzlvTXo0S1BHWnZiblFnYzJsNlpUMGlMVEVpUGdvS1BHWnZjbTBnYVdROUltRmtkbUZ1WTJWa0lpQnVZVzFsUFNKaFpIWmhibU5sWkNJZ2JXVjBhRzlrUFNKUVQxTlVJaUJ2Ym5OMVltMXBkRDBpY21WMGRYSnVJSFpoYkdsa1lYUmxSbTl5YlNoMGFHbHpLVHRtWVd4elpUc2lQZ284ZEdGaWJHVStDangwY2o0OGRHUStVSEp2WkhWamREbzhMM1JrUGp4MFpENDhhVzV3ZFhRZ2FXUTlKM0J5YjJSMVkzUW5JSFI1Y0dVOUozUmxlSFFuSUc1aGJXVTlKM0J5YjJSMVkzUW5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGtSbGMyTnlhWEIwYVc5dU9qd3ZkR1ErUEhSa1BqeHBibkIxZENCcFpEMG5aR1Z6WXljZ2RIbHdaVDBuZEdWNGRDY2dibUZ0WlQwblpHVnpZM0pwY0hScGIyNG5JQzgrUEM5MFpENDhMM1JrUGdvOGRISStQSFJrUGxSNWNHVTZQQzkwWkQ0OGRHUStQR2x1Y0hWMElHbGtQU2QwZVhCbEp5QjBlWEJsUFNkMFpYaDBKeUJ1WVcxbFBTZDBlWEJsSnlBdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENVFjbWxqWlRvOEwzUmtQangwWkQ0OGFXNXdkWFFnYVdROUozQnlhV05sSnlCMGVYQmxQU2QwWlhoMEp5QnVZVzFsUFNkd2NtbGpaU2NnTHo0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbU
ZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQQzkwWVdKc1pUNEtQQzltYjNKdFBnbzhabTl5YlNCcFpEMGljWFZsY25raUlHNWhiV1U5SW1Ga2RtRnVZMlZrSWlCdFpYUm9iMlE5SWxCUFUxUWlQZ29nSUNBZ1BHbHVjSFYwSUdsa1BTZHhKeUIwZVhCbFBTSm9hV1JrWlc0aUlHNWhiV1U5SW5FaUlIWmhiSFZsUFNJaUlDOCtDand2Wm05eWJUNEtDand2Wm05dWRENEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvPQ==" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 95, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 96, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 97, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 98, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 99, + "fields": { + "finding": 346, + "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 100, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 101, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 102, + "fields": { + "finding": 346, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 103, + "fields": { + "finding": 346, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 104, + "fields": { + "finding": 347, + "burpRequestBase64": "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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 105, + "fields": { + "finding": 347, + "burpRequestBase64": 
"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", + "burpResponseBase64": "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" + } +}, +{ + "model": "dojo.burprawrequestresponse", + "pk": 106, + "fields": { + "finding": 347, + "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQmhjM04zYjNKa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXlaV2RwYzNSbGNpNXFjM0FOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", + "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltT
mxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDO
WhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" + } +}, +{ + "model": "dojo.risk_acceptance", + "pk": 1, + "fields": { + "name": "Simple Builtin Risk Acceptance", + "recommendation": "F", + "recommendation_details": null, + "decision": "A", + "decision_details": "These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. 
Unaccept and use full risk acceptance if you need to have more control over those fields.", + "accepted_by": null, + "path": "", + "owner": [ + "admin" + ], + "expiration_date": null, + "expiration_date_warned": null, + "expiration_date_handled": null, + "reactivate_expired": true, + "restart_sla_expired": false, + "created": "2024-01-29T15:35:18.089Z", + "updated": "2024-01-29T15:35:18.089Z", + "accepted_findings": [ + 2 + ], + "notes": [] + } +}, +{ + "model": "dojo.jira_instance", + "pk": 2, + "fields": { + "configuration_name": "Happy little JIRA 2", + "url": "http://www.testjira.com", + "username": "user1", + "password": "user1", + "default_issue_type": "Task", + "issue_template_dir": null, + "epic_name_id": 111, + "open_status_key": 111, + "close_status_key": 112, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_instance", + "pk": 3, + "fields": { + "configuration_name": "Happy little JIRA 3", + "url": "http://www.testjira.com", + "username": "user2", + "password": "user2", + "default_issue_type": "Task", + "issue_template_dir": null, + "epic_name_id": 222, + "open_status_key": 222, + "close_status_key": 223, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_instance", + "pk": 4, + "fields": { + "configuration_name": 
"Happy little JIRA 4", + "url": "http://www.testjira.com", + "username": "user3", + "password": "user3", + "default_issue_type": "Spike", + "issue_template_dir": null, + "epic_name_id": 333, + "open_status_key": 333, + "close_status_key": 334, + "info_mapping_severity": "Trivial", + "low_mapping_severity": "test severity", + "medium_mapping_severity": "test severity", + "high_mapping_severity": "test severity", + "critical_mapping_severity": "test severity", + "finding_text": "", + "accepted_mapping_resolution": null, + "false_positive_mapping_resolution": null, + "global_jira_sla_notification": false, + "finding_jira_sync": false + } +}, +{ + "model": "dojo.jira_project", + "pk": 1, + "fields": { + "jira_instance": 2, + "project_key": "key1", + "product": 1, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": false, + "enable_engagement_epic_mapping": true, + "epic_issue_type_name": "Epic", + "push_notes": false, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_project", + "pk": 2, + "fields": { + "jira_instance": 3, + "project_key": "key2", + "product": 2, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + "default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": true, + "enable_engagement_epic_mapping": true, + "epic_issue_type_name": "Epic", + "push_notes": true, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_project", + "pk": 3, + "fields": { + "jira_instance": 4, + "project_key": "key3", + "product": 3, + "issue_template_dir": null, + "engagement": null, + "component": "", + "custom_fields": null, + 
"default_assignee": null, + "jira_labels": null, + "add_vulnerability_id_to_jira_label": false, + "push_all_issues": false, + "enable_engagement_epic_mapping": false, + "epic_issue_type_name": "Epic", + "push_notes": false, + "product_jira_sla_notification": false, + "risk_acceptance_expiration_notification": false, + "enabled": true + } +}, +{ + "model": "dojo.jira_issue", + "pk": 2, + "fields": { + "jira_project": null, + "jira_id": "2", + "jira_key": "222", + "finding": 5, + "engagement": 3, + "finding_group": null, + "jira_creation": null, + "jira_change": null + } +}, +{ + "model": "dojo.jira_issue", + "pk": 3, + "fields": { + "jira_project": null, + "jira_id": "3", + "jira_key": "333", + "finding": 6, + "engagement": 1, + "finding_group": null, + "jira_creation": null, + "jira_change": null + } +}, +{ + "model": "dojo.notifications", + "pk": 1, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "admin" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.notifications", + "pk": 2, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + 
"close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "product_manager" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.notifications", + "pk": 3, + "fields": { + "product_type_added": "alert,alert", + "product_added": "alert,alert", + "engagement_added": "alert,alert", + "test_added": "alert,alert", + "scan_added": "alert,alert", + "scan_added_empty": "", + "jira_update": "alert,alert", + "upcoming_engagement": "alert,alert", + "stale_engagement": "alert,alert", + "auto_close_engagement": "alert,alert", + "close_engagement": "alert,alert", + "user_mentioned": "alert,alert", + "code_review": "alert,alert", + "review_requested": "alert,alert", + "other": "alert,alert", + "user": [ + "user2" + ], + "product": null, + "template": false, + "sla_breach": "alert,alert", + "risk_acceptance_expiration": "alert,alert", + "sla_breach_combined": "alert,alert" + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 1, + "fields": { + "name": "Product Setting 1", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 1, + "tool_project_id": "1", + "notes": [] + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 2, + "fields": { + "name": "Product Setting 2", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 2, + "tool_project_id": "2", + "notes": [] + } +}, +{ + "model": "dojo.tool_product_settings", + "pk": 3, + "fields": { + "name": "Product Setting 3", + "description": "test product setting", + "url": "http://www.example.com", + "product": 1, + "tool_configuration": 3, + "tool_project_id": "3", + "notes": [] + } +}, +{ + "model": "dojo.alerts", + "pk": 1, + "fields": { + 
"title": "Static Scan for Python How-to", + "description": "\n\n\n The engagement \"Python How-to\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/4", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:01:00.711Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 2, + "fields": { + "title": "Static Scan for Python How-to", + "description": "\n\n\n The engagement \"Python How-to\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/4", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:01:00.726Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 3, + "fields": { + "title": "0 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/17", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:22:29.720Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 4, + "fields": { + "title": "0 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/17", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:22:29.733Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 5, + "fields": { + "title": "Quarterly PCI Scan for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:25:29.445Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 6, + "fields": { + "title": "Quarterly PCI Scan for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:25:29.455Z" + } +}, +{ + 
"model": "dojo.alerts", + "pk": 7, + "fields": { + "title": "Qualys Scan for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Qualys Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:25:46.372Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 8, + "fields": { + "title": "Qualys Scan for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Qualys Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/6", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:25:46.385Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 9, + "fields": { + "title": "Initial Assessment for Account Software", + "description": "\n\n\n The engagement \"Account Software\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:42:51.166Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 10, + "fields": { + "title": "Initial Assessment for Account Software", + "description": "\n\n\n The engagement \"Account Software\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:42:51.176Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 11, + "fields": { + "title": "API Test for Account Software", + "description": "\n\n\n New test added for engagement Account Software: API Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:09.143Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 12, + "fields": { + "title": "API Test for Account Software", + "description": "\n\n\n New test added for engagement Account Software: API 
Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:09.153Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 13, + "fields": { + "title": "Nmap Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:23.460Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 14, + "fields": { + "title": "Nmap Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:23.472Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 15, + "fields": { + "title": "Dependency Check Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-04T09:43:41.770Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 16, + "fields": { + "title": "Dependency Check Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:43:41.785Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 17, + "fields": { + "title": "ZAP Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": 
"info-circle", + "user_id": null, + "created": "2021-11-04T09:44:01.865Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 18, + "fields": { + "title": "ZAP Scan for Account Software", + "description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", + "url": "http://defectdojo.herokuapp.com/engagement/8", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-04T09:44:01.877Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 19, + "fields": { + "title": "2 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/25", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:44:36.344Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 20, + "fields": { + "title": "2 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/25", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:44:36.353Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 21, + "fields": { + "title": "18 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/26", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:46:09.906Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 22, + "fields": { + "title": "18 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/26", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:46:09.914Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 23, + "fields": { + "title": "10 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/28", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:47:20.764Z" + } +}, +{ + "model": "dojo.alerts", + 
"pk": 24, + "fields": { + "title": "10 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/28", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:47:20.774Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 25, + "fields": { + "title": "Manual PenTest for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:11.922Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 26, + "fields": { + "title": "Manual PenTest for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:11.931Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 27, + "fields": { + "title": "Manual Code Review for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T06:54:24.017Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 28, + "fields": { + "title": "Manual Code Review for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:24.025Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 29, + "fields": { + "title": "Pen Test for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": 
"info-circle", + "user_id": null, + "created": "2021-11-05T06:54:35.541Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 30, + "fields": { + "title": "Pen Test for Bodgeit", + "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", + "url": "http://defectdojo.herokuapp.com/engagement/11", + "source": "Test Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T06:54:35.551Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 31, + "fields": { + "title": "CI/CD Baseline Security Test for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/12", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T07:06:26.179Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 32, + "fields": { + "title": "CI/CD Baseline Security Test for Bodgeit", + "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", + "url": "http://defectdojo.herokuapp.com/engagement/12", + "source": "Engagement Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T07:06:26.187Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 33, + "fields": { + "title": "28 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/31", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T07:07:23.992Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 34, + "fields": { + "title": "28 findings for Bodgeit", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/31", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T07:07:24.008Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 35, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/32", + "source": "Results Added", + 
"icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:43:09.169Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 36, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/32", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:43:09.178Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 37, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/37", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:51:04.993Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 38, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://defectdojo.herokuapp.com/test/37", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:51:05.001Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 39, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://localhost:8000/test/39", + "source": "Results Added", + "icon": "info-circle", + "user_id": null, + "created": "2021-11-05T10:52:48.176Z" + } +}, +{ + "model": "dojo.alerts", + "pk": 40, + "fields": { + "title": "10 findings for BodgeIt", + "description": "\n\n\n \n\n", + "url": "http://localhost:8000/test/39", + "source": "Results Added", + "icon": "info-circle", + "user_id": [ + "admin" + ], + "created": "2021-11-05T10:52:48.263Z" + } +}, +{ + "model": "dojo.language_type", + "pk": 1, + "fields": { + "language": "ActionScript", + "color": "#F2D7D5" + } +}, +{ + "model": "dojo.language_type", + "pk": 2, + "fields": { + "language": "Python", + "color": "#006400" + } +}, +{ + "model": "dojo.language_type", + "pk": 3, + "fields": { + "language": "Ruby", + "color": "#cd5c5c" + } +}, +{ + "model": "dojo.language_type", + "pk": 4, + "fields": { 
+ "language": "ABAP", + "color": "#F9EBEA" + } +}, +{ + "model": "dojo.language_type", + "pk": 5, + "fields": { + "language": "Ada", + "color": "#E6B0AA" + } +}, +{ + "model": "dojo.language_type", + "pk": 6, + "fields": { + "language": "ADSO/IDSM", + "color": "#D98880" + } +}, +{ + "model": "dojo.language_type", + "pk": 7, + "fields": { + "language": "Agda", + "color": "#CD6155" + } +}, +{ + "model": "dojo.language_type", + "pk": 8, + "fields": { + "language": "AMPLE", + "color": "#C0392B" + } +}, +{ + "model": "dojo.language_type", + "pk": 9, + "fields": { + "language": "Ant", + "color": "#A93226" + } +}, +{ + "model": "dojo.language_type", + "pk": 10, + "fields": { + "language": "ANTLR Grammar", + "color": "#641E16" + } +}, +{ + "model": "dojo.language_type", + "pk": 11, + "fields": { + "language": "Apex Trigger", + "color": "#FDEDEC" + } +}, +{ + "model": "dojo.language_type", + "pk": 12, + "fields": { + "language": "Arduino Sketch", + "color": "#FADBD8" + } }, { - "model": "contenttypes.contenttype", - "pk": 13, - "fields": { - "app_label": "dojo", - "model": "role" - } + "model": "dojo.language_type", + "pk": 13, + "fields": { + "language": "AsciiDoc", + "color": "#F1948A" + } }, { - "model": "contenttypes.contenttype", - "pk": 14, - "fields": { - "app_label": "dojo", - "model": "system_settings" - } + "model": "dojo.language_type", + "pk": 14, + "fields": { + "language": "ASP", + "color": "#E74C3C" + } }, { - "model": "contenttypes.contenttype", - "pk": 15, - "fields": { - "app_label": "dojo", - "model": "dojo_group_member" - } + "model": "dojo.language_type", + "pk": 15, + "fields": { + "language": "ASP.NET", + "color": "#CB4335" + } }, { - "model": "contenttypes.contenttype", - "pk": 16, - "fields": { - "app_label": "dojo", - "model": "global_role" - } + "model": "dojo.language_type", + "pk": 16, + "fields": { + "language": "AspectJ", + "color": "#943126" + } }, { - "model": "contenttypes.contenttype", - "pk": 17, - "fields": { - "app_label": "dojo", - 
"model": "contact" - } + "model": "dojo.language_type", + "pk": 17, + "fields": { + "language": "Assembly", + "color": "#78281F" + } }, { - "model": "contenttypes.contenttype", - "pk": 18, - "fields": { - "app_label": "dojo", - "model": "note_type" - } + "model": "dojo.language_type", + "pk": 18, + "fields": { + "language": "AutoHotkey", + "color": "#F5EEF8" + } }, { - "model": "contenttypes.contenttype", - "pk": 19, - "fields": { - "app_label": "dojo", - "model": "notehistory" - } + "model": "dojo.language_type", + "pk": 19, + "fields": { + "language": "awk", + "color": "#EBDEF0" + } }, { - "model": "contenttypes.contenttype", - "pk": 20, - "fields": { - "app_label": "dojo", - "model": "notes" - } + "model": "dojo.language_type", + "pk": 20, + "fields": { + "language": "Blade", + "color": "#D7BDE2" + } }, { - "model": "contenttypes.contenttype", - "pk": 21, - "fields": { - "app_label": "dojo", - "model": "fileupload" - } + "model": "dojo.language_type", + "pk": 21, + "fields": { + "language": "Bourne Again Shell", + "color": "#C39BD3" + } }, { - "model": "contenttypes.contenttype", - "pk": 22, - "fields": { - "app_label": "dojo", - "model": "product_type" - } + "model": "dojo.language_type", + "pk": 22, + "fields": { + "language": "Bourne Shell", + "color": "#AF7AC5" + } }, { - "model": "contenttypes.contenttype", - "pk": 23, - "fields": { - "app_label": "dojo", - "model": "product_line" - } + "model": "dojo.language_type", + "pk": 23, + "fields": { + "language": "BrightScript", + "color": "#884EA0" + } }, { - "model": "contenttypes.contenttype", - "pk": 24, - "fields": { - "app_label": "dojo", - "model": "report_type" - } + "model": "dojo.language_type", + "pk": 24, + "fields": { + "language": "C", + "color": "#6C3483" + } }, { - "model": "contenttypes.contenttype", - "pk": 25, - "fields": { - "app_label": "dojo", - "model": "test_type" - } + "model": "dojo.language_type", + "pk": 25, + "fields": { + "language": "C Shell", + "color": "#5B2C6F" + } }, { - "model": 
"contenttypes.contenttype", - "pk": 26, - "fields": { - "app_label": "dojo", - "model": "dojometa" - } + "model": "dojo.language_type", + "pk": 26, + "fields": { + "language": "C#", + "color": "#4A235A" + } }, { - "model": "contenttypes.contenttype", - "pk": 27, - "fields": { - "app_label": "dojo", - "model": "sla_configuration" - } + "model": "dojo.language_type", + "pk": 27, + "fields": { + "language": "C++", + "color": "#F4ECF7" + } }, { - "model": "contenttypes.contenttype", - "pk": 28, - "fields": { - "app_label": "dojo", - "model": "tagulous_product_tags" - } + "model": "dojo.language_type", + "pk": 28, + "fields": { + "language": "C/C++ Header", + "color": "#E8DAEF" + } }, { - "model": "contenttypes.contenttype", - "pk": 29, - "fields": { - "app_label": "dojo", - "model": "product" - } + "model": "dojo.language_type", + "pk": 29, + "fields": { + "language": "CCS", + "color": "#D2B4DE" + } }, { - "model": "contenttypes.contenttype", - "pk": 30, - "fields": { - "app_label": "dojo", - "model": "product_member" - } + "model": "dojo.language_type", + "pk": 30, + "fields": { + "language": "Chapel", + "color": "#BB8FCE" + } }, { - "model": "contenttypes.contenttype", - "pk": 31, - "fields": { - "app_label": "dojo", - "model": "product_group" - } + "model": "dojo.language_type", + "pk": 31, + "fields": { + "language": "Clean", + "color": "#8E44AD" + } }, { - "model": "contenttypes.contenttype", - "pk": 32, - "fields": { - "app_label": "dojo", - "model": "product_type_member" - } + "model": "dojo.language_type", + "pk": 32, + "fields": { + "language": "Clojure", + "color": "#7D3C98" + } }, { - "model": "contenttypes.contenttype", - "pk": 33, - "fields": { - "app_label": "dojo", - "model": "product_type_group" - } + "model": "dojo.language_type", + "pk": 33, + "fields": { + "language": "ClojureC", + "color": "#7D3C98" + } }, { - "model": "contenttypes.contenttype", - "pk": 34, - "fields": { - "app_label": "dojo", - "model": "tool_type" - } + "model": 
"dojo.language_type", + "pk": 34, + "fields": { + "language": "ClojureScript", + "color": "#5B2C6F" + } }, { - "model": "contenttypes.contenttype", - "pk": 35, - "fields": { - "app_label": "dojo", - "model": "tool_configuration" - } + "model": "dojo.language_type", + "pk": 35, + "fields": { + "language": "CMake", + "color": "#4A235A" + } }, { - "model": "contenttypes.contenttype", - "pk": 36, - "fields": { - "app_label": "dojo", - "model": "product_api_scan_configuration" - } + "model": "dojo.language_type", + "pk": 36, + "fields": { + "language": "COBOL", + "color": "#EAF2F8" + } }, { - "model": "contenttypes.contenttype", - "pk": 37, - "fields": { - "app_label": "dojo", - "model": "network_locations" - } + "model": "dojo.language_type", + "pk": 37, + "fields": { + "language": "CoffeeScript", + "color": "#D4E6F1" + } }, { - "model": "contenttypes.contenttype", - "pk": 38, - "fields": { - "app_label": "dojo", - "model": "engagement_presets" - } + "model": "dojo.language_type", + "pk": 38, + "fields": { + "language": "ColdFusion", + "color": "#D6EAF8" + } }, { - "model": "contenttypes.contenttype", - "pk": 39, - "fields": { - "app_label": "dojo", - "model": "tagulous_engagement_tags" - } + "model": "dojo.language_type", + "pk": 39, + "fields": { + "language": "ColdFusion CFScript", + "color": "#A9CCE3" + } }, { - "model": "contenttypes.contenttype", - "pk": 40, - "fields": { - "app_label": "dojo", - "model": "tagulous_engagement_inherited_tags" - } + "model": "dojo.language_type", + "pk": 40, + "fields": { + "language": "Coq", + "color": "#7FB3D5" + } }, { - "model": "contenttypes.contenttype", - "pk": 41, - "fields": { - "app_label": "dojo", - "model": "engagement" - } + "model": "dojo.language_type", + "pk": 41, + "fields": { + "language": "Crystal", + "color": "#5499C7" + } }, { - "model": "contenttypes.contenttype", - "pk": 42, - "fields": { - "app_label": "dojo", - "model": "cwe" - } + "model": "dojo.language_type", + "pk": 42, + "fields": { + "language": 
"CSON", + "color": "#1A5276" + } }, { - "model": "contenttypes.contenttype", - "pk": 43, - "fields": { - "app_label": "dojo", - "model": "endpoint_params" - } + "model": "dojo.language_type", + "pk": 43, + "fields": { + "language": "CSS", + "color": "#EBF5FB" + } }, { - "model": "contenttypes.contenttype", - "pk": 44, - "fields": { - "app_label": "dojo", - "model": "endpoint_status" - } + "model": "dojo.language_type", + "pk": 44, + "fields": { + "language": "Cucumber", + "color": "#D4E6F1" + } }, { - "model": "contenttypes.contenttype", - "pk": 45, - "fields": { - "app_label": "dojo", - "model": "tagulous_endpoint_tags" - } + "model": "dojo.language_type", + "pk": 45, + "fields": { + "language": "CUDA", + "color": "#7FB3D5" + } }, { - "model": "contenttypes.contenttype", - "pk": 46, - "fields": { - "app_label": "dojo", - "model": "tagulous_endpoint_inherited_tags" - } + "model": "dojo.language_type", + "pk": 46, + "fields": { + "language": "Cython", + "color": "#5499C7" + } }, { - "model": "contenttypes.contenttype", - "pk": 47, - "fields": { - "app_label": "dojo", - "model": "endpoint" - } + "model": "dojo.language_type", + "pk": 47, + "fields": { + "language": "D", + "color": "#2980B9" + } }, { - "model": "contenttypes.contenttype", - "pk": 48, - "fields": { - "app_label": "dojo", - "model": "development_environment" - } + "model": "dojo.language_type", + "pk": 48, + "fields": { + "language": "DAL", + "color": "#2471A3" + } }, { - "model": "contenttypes.contenttype", - "pk": 49, - "fields": { - "app_label": "dojo", - "model": "sonarqube_issue" - } + "model": "dojo.language_type", + "pk": 49, + "fields": { + "language": "Dart", + "color": "#1A5276" + } }, { - "model": "contenttypes.contenttype", - "pk": 50, - "fields": { - "app_label": "dojo", - "model": "sonarqube_issue_transition" - } + "model": "dojo.language_type", + "pk": 50, + "fields": { + "language": "diff", + "color": "#154360" + } }, { - "model": "contenttypes.contenttype", - "pk": 51, - "fields": { - 
"app_label": "dojo", - "model": "tagulous_test_tags" - } + "model": "dojo.language_type", + "pk": 51, + "fields": { + "language": "DITA", + "color": "#EBF5FB" + } }, { - "model": "contenttypes.contenttype", - "pk": 52, - "fields": { - "app_label": "dojo", - "model": "tagulous_test_inherited_tags" - } + "model": "dojo.language_type", + "pk": 52, + "fields": { + "language": "DOS Batch", + "color": "#AED6F1" + } }, { - "model": "contenttypes.contenttype", - "pk": 53, - "fields": { - "app_label": "dojo", - "model": "test" - } + "model": "dojo.language_type", + "pk": 53, + "fields": { + "language": "Drools", + "color": "#85C1E9" + } }, { - "model": "contenttypes.contenttype", - "pk": 54, - "fields": { - "app_label": "dojo", - "model": "test_import" - } + "model": "dojo.language_type", + "pk": 54, + "fields": { + "language": "DTD", + "color": "#5DADE2" + } }, { - "model": "contenttypes.contenttype", - "pk": 55, - "fields": { - "app_label": "dojo", - "model": "test_import_finding_action" - } + "model": "dojo.language_type", + "pk": 55, + "fields": { + "language": "dtrace", + "color": "#2980B9" + } }, { - "model": "contenttypes.contenttype", - "pk": 56, - "fields": { - "app_label": "dojo", - "model": "tagulous_finding_tags" - } + "model": "dojo.language_type", + "pk": 56, + "fields": { + "language": "ECPP", + "color": "#2471A3" + } }, { - "model": "contenttypes.contenttype", - "pk": 57, - "fields": { - "app_label": "dojo", - "model": "tagulous_finding_inherited_tags" - } + "model": "dojo.language_type", + "pk": 57, + "fields": { + "language": "EEx", + "color": "#1F618D" + } }, { - "model": "contenttypes.contenttype", - "pk": 58, - "fields": { - "app_label": "dojo", - "model": "finding" - } + "model": "dojo.language_type", + "pk": 58, + "fields": { + "language": "Elixir", + "color": "#154360" + } }, { - "model": "contenttypes.contenttype", - "pk": 59, - "fields": { - "app_label": "dojo", - "model": "vulnerability_id" - } + "model": "dojo.language_type", + "pk": 59, + 
"fields": { + "language": "Elm", + "color": "#EBF5FB" + } }, { - "model": "contenttypes.contenttype", - "pk": 60, - "fields": { - "app_label": "dojo", - "model": "stub_finding" - } + "model": "dojo.language_type", + "pk": 60, + "fields": { + "language": "ERB", + "color": "#D6EAF8" + } }, { - "model": "contenttypes.contenttype", - "pk": 61, - "fields": { - "app_label": "dojo", - "model": "finding_group" - } + "model": "dojo.language_type", + "pk": 61, + "fields": { + "language": "Erlang", + "color": "#AED6F1" + } }, { - "model": "contenttypes.contenttype", - "pk": 62, - "fields": { - "app_label": "dojo", - "model": "tagulous_finding_template_tags" - } + "model": "dojo.language_type", + "pk": 62, + "fields": { + "language": "Expect", + "color": "#85C1E9" + } }, { - "model": "contenttypes.contenttype", - "pk": 63, - "fields": { - "app_label": "dojo", - "model": "finding_template" - } + "model": "dojo.language_type", + "pk": 63, + "fields": { + "language": "F#", + "color": "#5DADE2" + } }, { - "model": "contenttypes.contenttype", - "pk": 64, - "fields": { - "app_label": "dojo", - "model": "vulnerability_id_template" - } + "model": "dojo.language_type", + "pk": 64, + "fields": { + "language": "F# Script", + "color": "#3498DB" + } }, { - "model": "contenttypes.contenttype", - "pk": 65, - "fields": { - "app_label": "dojo", - "model": "check_list" - } + "model": "dojo.language_type", + "pk": 65, + "fields": { + "language": "Fish Shell", + "color": "#2E86C1" + } }, { - "model": "contenttypes.contenttype", - "pk": 66, - "fields": { - "app_label": "dojo", - "model": "burprawrequestresponse" - } + "model": "dojo.language_type", + "pk": 66, + "fields": { + "language": "Focus", + "color": "#2874A6" + } }, { - "model": "contenttypes.contenttype", - "pk": 67, - "fields": { - "app_label": "dojo", - "model": "risk_acceptance" - } + "model": "dojo.language_type", + "pk": 67, + "fields": { + "language": "Forth", + "color": "#1B4F72" + } }, { - "model": "contenttypes.contenttype", - 
"pk": 68, - "fields": { - "app_label": "dojo", - "model": "fileaccesstoken" - } + "model": "dojo.language_type", + "pk": 68, + "fields": { + "language": "Fortran 77", + "color": "#E8F8F5" + } }, { - "model": "contenttypes.contenttype", - "pk": 69, - "fields": { - "app_label": "dojo", - "model": "announcement" - } + "model": "dojo.language_type", + "pk": 69, + "fields": { + "language": "Fortran 90", + "color": "#D1F2EB" + } }, { - "model": "contenttypes.contenttype", - "pk": 70, - "fields": { - "app_label": "dojo", - "model": "userannouncement" - } + "model": "dojo.language_type", + "pk": 70, + "fields": { + "language": "Freemarker Template", + "color": "#" + } }, { - "model": "contenttypes.contenttype", - "pk": 71, - "fields": { - "app_label": "dojo", - "model": "bannerconf" - } + "model": "dojo.language_type", + "pk": 71, + "fields": { + "language": "GDScript", + "color": "#A3E4D7" + } }, { - "model": "contenttypes.contenttype", - "pk": 72, - "fields": { - "app_label": "dojo", - "model": "github_conf" - } + "model": "dojo.language_type", + "pk": 72, + "fields": { + "language": "Gencat NLS", + "color": "#76D7C4" + } }, { - "model": "contenttypes.contenttype", - "pk": 73, - "fields": { - "app_label": "dojo", - "model": "github_issue" - } + "model": "dojo.language_type", + "pk": 73, + "fields": { + "language": "Glade", + "color": "#48C9B0" + } }, { - "model": "contenttypes.contenttype", - "pk": 74, - "fields": { - "app_label": "dojo", - "model": "github_clone" - } + "model": "dojo.language_type", + "pk": 74, + "fields": { + "language": "GLSL", + "color": "#1ABC9C" + } }, { - "model": "contenttypes.contenttype", - "pk": 75, - "fields": { - "app_label": "dojo", - "model": "github_details_cache" - } + "model": "dojo.language_type", + "pk": 75, + "fields": { + "language": "Go", + "color": "#17A589" + } }, { - "model": "contenttypes.contenttype", - "pk": 76, - "fields": { - "app_label": "dojo", - "model": "github_pkey" - } + "model": "dojo.language_type", + "pk": 76, + 
"fields": { + "language": "Grails", + "color": "#148F77" + } }, { - "model": "contenttypes.contenttype", - "pk": 77, - "fields": { - "app_label": "dojo", - "model": "jira_instance" - } + "model": "dojo.language_type", + "pk": 77, + "fields": { + "language": "GraphQL", + "color": "#117864" + } }, { - "model": "contenttypes.contenttype", - "pk": 78, - "fields": { - "app_label": "dojo", - "model": "jira_project" - } + "model": "dojo.language_type", + "pk": 78, + "fields": { + "language": "Groovy", + "color": "#0E6251" + } }, { - "model": "contenttypes.contenttype", - "pk": 79, - "fields": { - "app_label": "dojo", - "model": "jira_issue" - } + "model": "dojo.language_type", + "pk": 79, + "fields": { + "language": "Haml", + "color": "#E8F6F3" + } }, { - "model": "contenttypes.contenttype", - "pk": 80, - "fields": { - "app_label": "dojo", - "model": "notifications" - } + "model": "dojo.language_type", + "pk": 80, + "fields": { + "language": "Handlebars", + "color": "#A3E4D7" + } }, { - "model": "contenttypes.contenttype", - "pk": 81, - "fields": { - "app_label": "dojo", - "model": "notification_webhooks" - } + "model": "dojo.language_type", + "pk": 81, + "fields": { + "language": "Harbour", + "color": "#76D7C4" + } }, { - "model": "contenttypes.contenttype", - "pk": 82, - "fields": { - "app_label": "dojo", - "model": "tool_product_settings" - } + "model": "dojo.language_type", + "pk": 82, + "fields": { + "language": "Haskell", + "color": "#48C9B0" + } }, { - "model": "contenttypes.contenttype", - "pk": 83, - "fields": { - "app_label": "dojo", - "model": "tool_product_history" - } + "model": "dojo.language_type", + "pk": 83, + "fields": { + "language": "Haxe", + "color": "#1ABC9C" + } }, { - "model": "contenttypes.contenttype", - "pk": 84, - "fields": { - "app_label": "dojo", - "model": "alerts" - } + "model": "dojo.language_type", + "pk": 84, + "fields": { + "language": "HCL", + "color": "#17A589" + } }, { - "model": "contenttypes.contenttype", - "pk": 85, - "fields": { 
- "app_label": "dojo", - "model": "cred_user" - } + "model": "dojo.language_type", + "pk": 85, + "fields": { + "language": "HLSL", + "color": "#148F77" + } }, { - "model": "contenttypes.contenttype", - "pk": 86, - "fields": { - "app_label": "dojo", - "model": "cred_mapping" - } + "model": "dojo.language_type", + "pk": 86, + "fields": { + "language": "HTML", + "color": "#117864" + } }, { - "model": "contenttypes.contenttype", - "pk": 87, - "fields": { - "app_label": "dojo", - "model": "language_type" - } + "model": "dojo.language_type", + "pk": 87, + "fields": { + "language": "IDL", + "color": "#0E6251" + } }, { - "model": "contenttypes.contenttype", - "pk": 88, - "fields": { - "app_label": "dojo", - "model": "languages" - } + "model": "dojo.language_type", + "pk": 88, + "fields": { + "language": "Idris", + "color": "#0B5345" + } }, { - "model": "contenttypes.contenttype", - "pk": 89, - "fields": { - "app_label": "dojo", - "model": "tagulous_app_analysis_tags" - } + "model": "dojo.language_type", + "pk": 89, + "fields": { + "language": "InstallShield", + "color": "#D4EFDF" + } }, { - "model": "contenttypes.contenttype", - "pk": 90, - "fields": { - "app_label": "dojo", - "model": "app_analysis" - } + "model": "dojo.language_type", + "pk": 90, + "fields": { + "language": "Java", + "color": "#A9DFBF" + } }, { - "model": "contenttypes.contenttype", - "pk": 91, - "fields": { - "app_label": "dojo", - "model": "objects_review" - } + "model": "dojo.language_type", + "pk": 91, + "fields": { + "language": "JavaScript", + "color": "#7DCEA0" + } }, { - "model": "contenttypes.contenttype", - "pk": 92, - "fields": { - "app_label": "dojo", - "model": "tagulous_objects_product_tags" - } + "model": "dojo.language_type", + "pk": 92, + "fields": { + "language": "JavaServer Faces", + "color": "#52BE80" + } }, { - "model": "contenttypes.contenttype", - "pk": 93, - "fields": { - "app_label": "dojo", - "model": "objects_product" - } + "model": "dojo.language_type", + "pk": 93, + "fields": 
{ + "language": "JCL", + "color": "#27AE60" + } }, { - "model": "contenttypes.contenttype", - "pk": 94, - "fields": { - "app_label": "dojo", - "model": "testing_guide_category" - } + "model": "dojo.language_type", + "pk": 94, + "fields": { + "language": "JSON", + "color": "#229954" + } }, { - "model": "contenttypes.contenttype", - "pk": 95, - "fields": { - "app_label": "dojo", - "model": "testing_guide" - } + "model": "dojo.language_type", + "pk": 95, + "fields": { + "language": "JSP", + "color": "#1E8449" + } }, { - "model": "contenttypes.contenttype", - "pk": 96, - "fields": { - "app_label": "dojo", - "model": "benchmark_type" - } + "model": "dojo.language_type", + "pk": 97, + "fields": { + "language": "JSX", + "color": "#196F3D" + } }, { - "model": "contenttypes.contenttype", - "pk": 97, - "fields": { - "app_label": "dojo", - "model": "benchmark_category" - } + "model": "dojo.language_type", + "pk": 98, + "fields": { + "language": "Julia", + "color": "#0B5345" + } }, { - "model": "contenttypes.contenttype", - "pk": 98, - "fields": { - "app_label": "dojo", - "model": "benchmark_requirement" - } + "model": "dojo.language_type", + "pk": 99, + "fields": { + "language": "Kermit", + "color": "#800000" + } }, { - "model": "contenttypes.contenttype", - "pk": 99, - "fields": { - "app_label": "dojo", - "model": "benchmark_product" - } + "model": "dojo.language_type", + "pk": 100, + "fields": { + "language": "Korn Shell", + "color": "#A52A2A" + } }, { - "model": "contenttypes.contenttype", - "pk": 100, - "fields": { - "app_label": "dojo", - "model": "benchmark_product_summary" - } + "model": "dojo.language_type", + "pk": 101, + "fields": { + "language": "Kotlin", + "color": "#A0522D" + } }, { - "model": "contenttypes.contenttype", - "pk": 101, - "fields": { - "app_label": "dojo", - "model": "question" - } + "model": "dojo.language_type", + "pk": 102, + "fields": { + "language": "Lean", + "color": "#8B4513" + } }, { - "model": "contenttypes.contenttype", - "pk": 102, - 
"fields": { - "app_label": "dojo", - "model": "textquestion" - } + "model": "dojo.language_type", + "pk": 103, + "fields": { + "language": "LESS", + "color": "#D2691E" + } }, { - "model": "contenttypes.contenttype", - "pk": 103, - "fields": { - "app_label": "dojo", - "model": "choice" - } + "model": "dojo.language_type", + "pk": 104, + "fields": { + "language": "lex", + "color": "#CD853F" + } }, { - "model": "contenttypes.contenttype", - "pk": 104, - "fields": { - "app_label": "dojo", - "model": "choicequestion" - } + "model": "dojo.language_type", + "pk": 105, + "fields": { + "language": "LFE", + "color": "#DAA520" + } }, { - "model": "contenttypes.contenttype", - "pk": 105, - "fields": { - "app_label": "dojo", - "model": "engagement_survey" - } + "model": "dojo.language_type", + "pk": 106, + "fields": { + "language": "liquid", + "color": "#F4A460" + } }, { - "model": "contenttypes.contenttype", - "pk": 106, - "fields": { - "app_label": "dojo", - "model": "answered_survey" - } + "model": "dojo.language_type", + "pk": 107, + "fields": { + "language": "Lisp", + "color": "#BC8F8F" + } }, { - "model": "contenttypes.contenttype", - "pk": 107, - "fields": { - "app_label": "dojo", - "model": "general_survey" - } + "model": "dojo.language_type", + "pk": 108, + "fields": { + "language": "Literate Idris", + "color": "#D2B48C" + } }, { - "model": "contenttypes.contenttype", - "pk": 108, - "fields": { - "app_label": "dojo", - "model": "answer" - } + "model": "dojo.language_type", + "pk": 109, + "fields": { + "language": "LiveLink OScript", + "color": "#DEB887" + } }, { - "model": "contenttypes.contenttype", - "pk": 109, - "fields": { - "app_label": "dojo", - "model": "textanswer" - } + "model": "dojo.language_type", + "pk": 110, + "fields": { + "language": "Logtalk", + "color": "#F5DEB3" + } }, { - "model": "contenttypes.contenttype", - "pk": 110, - "fields": { - "app_label": "dojo", - "model": "choiceanswer" - } + "model": "dojo.language_type", + "pk": 111, + "fields": { + 
"language": "Lua", + "color": "#FFDEAD" + } }, { - "model": "contenttypes.contenttype", - "pk": 111, - "fields": { - "app_label": "watson", - "model": "searchentry" - } + "model": "dojo.language_type", + "pk": 112, + "fields": { + "language": "m4", + "color": "#FFE4C4" + } }, { - "model": "contenttypes.contenttype", - "pk": 112, - "fields": { - "app_label": "tagging", - "model": "tag" - } + "model": "dojo.language_type", + "pk": 113, + "fields": { + "language": "make", + "color": "#FFEBCD" + } }, { - "model": "contenttypes.contenttype", - "pk": 113, - "fields": { - "app_label": "tagging", - "model": "taggeditem" - } + "model": "dojo.language_type", + "pk": 114, + "fields": { + "language": "Mako", + "color": "#FFF8DC" + } }, { - "model": "contenttypes.contenttype", - "pk": 114, - "fields": { - "app_label": "authtoken", - "model": "token" - } + "model": "dojo.language_type", + "pk": 115, + "fields": { + "language": "Markdown", + "color": "#2F4F4F" + } }, { - "model": "contenttypes.contenttype", - "pk": 115, - "fields": { - "app_label": "authtoken", - "model": "tokenproxy" - } + "model": "dojo.language_type", + "pk": 116, + "fields": { + "language": "Mathematica", + "color": "#708090" + } }, { - "model": "contenttypes.contenttype", - "pk": 116, - "fields": { - "app_label": "django_celery_results", - "model": "taskresult" - } + "model": "dojo.language_type", + "pk": 117, + "fields": { + "language": "MATLAB", + "color": "#778899" + } }, { - "model": "contenttypes.contenttype", - "pk": 117, - "fields": { - "app_label": "django_celery_results", - "model": "chordcounter" - } + "model": "dojo.language_type", + "pk": 118, + "fields": { + "language": "Maven", + "color": "#696969" + } }, { - "model": "contenttypes.contenttype", - "pk": 118, - "fields": { - "app_label": "django_celery_results", - "model": "groupresult" - } + "model": "dojo.language_type", + "pk": 119, + "fields": { + "language": "Modula3", + "color": "#808080" + } }, { - "model": "contenttypes.contenttype", - 
"pk": 119, - "fields": { - "app_label": "social_django", - "model": "usersocialauth" - } + "model": "dojo.language_type", + "pk": 120, + "fields": { + "language": "MSBuild script", + "color": "#A9A9A9" + } }, { - "model": "contenttypes.contenttype", - "pk": 120, - "fields": { - "app_label": "social_django", - "model": "nonce" - } + "model": "dojo.language_type", + "pk": 121, + "fields": { + "language": "MUMPS", + "color": "#FFE4E1" + } }, { - "model": "contenttypes.contenttype", - "pk": 121, - "fields": { - "app_label": "social_django", - "model": "association" - } + "model": "dojo.language_type", + "pk": 122, + "fields": { + "language": "Mustache", + "color": "#FFF0F5" + } }, { - "model": "contenttypes.contenttype", - "pk": 122, - "fields": { - "app_label": "social_django", - "model": "code" - } + "model": "dojo.language_type", + "pk": 123, + "fields": { + "language": "MXML", + "color": "#FAEBD7" + } }, { - "model": "contenttypes.contenttype", - "pk": 123, - "fields": { - "app_label": "social_django", - "model": "partial" - } + "model": "dojo.language_type", + "pk": 124, + "fields": { + "language": "NAnt script", + "color": "#FFFFF0" + } }, { - "model": "sessions.session", - "pk": "0fy0ogscdoq7gy7k3rsgp39zumcidfu9", - "fields": { - "session_data": "NzEyZjZiNDQ0ZTBkNTllYjE2MjY5OTRmYjBhZjRlNTU1NjIyOTcxZDp7Il9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-12-07T06:07:31.598Z" - } + "model": "dojo.language_type", + "pk": 125, + "fields": { + "language": "NASTRAN DMAP", + "color": "#FFFAF0" + } }, { - "model": "sessions.session", - "pk": "2dqr18yqu9mzb87abk0okid75w2clakl", - "fields": { - "session_data": 
"ZmY5ZWRlNzI5OTdlMmMxNjBmNjQwODU2YWQ4ODlmNGUzNDUyOTljOTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9tZXRyaWNzIiwidGl0bGUiOiJQcm9kdWN0IFR5cGUgTWV0cmljcyJ9XSwiX2F1dGhfdXNlcl9oYXNoIjoiODE0OTY0ZTdhNzUyNDQyZjM1MjczNTExMGVkZGZjNzc4YjE0MTU3MiIsIl9hdXRoX3VzZXJfaWQiOiIzIiwiX2F1dGhfdXNlcl9iYWNrZW5kIjoiZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmQifQ==", - "expire_date": "2021-07-18T23:13:01.138Z" - } -}, -{ - "model": "sessions.session", - "pk": "91he362uu4zzlkmhn3g87fstw6gpb8h9", - "fields": { - "session_data": "NTU0NDNiNWE4YzY2Y2I2ZGQ4ZjQ4ZWM1NTZhZmFmZmEzODI0ODJiMDp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-11-19T05:11:08.323Z" - } -}, -{ - "model": "sessions.session", - "pk": "9voht5jb42emoela71zpbqz04ror8xcw", - "fields": { - "session_data": "NjZhNGEzMTYxNjE4OWEzOWMwNWU1Njg0ODg5NTQ4Mzk3N2I0OTVkMzp7ImRvam9fYnJlYWRjcnVtYnMiOm51bGwsIl9hdXRoX3VzZXJfaGFzaCI6IjVmNWFhZWQ4ZTY3YzllZDkyNGIxNDQxMTQ0NmRmYmJjZTY3YzgxNmUiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-11-30T06:31:13.710Z" - } -}, -{ - "model": "sessions.session", - "pk": "c29i459wf0jkdkluez09s3yjmqos689f", - "fields": { - "session_data": "MzllYzU2NjM4MDcwY2MxNjRiOTI2YzU5NDE1Y2Y2YWE3Y2Q2N2RmODp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6IjVkMDczODI0ZmUyNmMyZDc4M2NjZmVlMjU2YTI4OWU1NTFiOTVhYTUiLCJfYXV0aF91c2VyX2lkIjoiMSIsIl9hdXRoX3VzZXJfYmFja2VuZCI6ImRqYW5nby5jb250cmliLmF1dGguYmFja2VuZHMuTW9kZWxCYWNrZW5kIn0=", - "expire_date": "2021-12-07T05:18:56.251Z" - } -}, -{ - "model": "sessions.session", 
- "pk": "eme9gyi7zn436wzeyoto51egukxj8qy7", - "fields": { - "session_data": ".eJxVjEEOwiAQRe_C2hBgKDAu3fcMZIBRqoYmpV0Z765NutDtf-_9l4i0rTVunZc4FXEWWpx-t0T5wW0H5U7tNss8t3WZktwVedAux7nw83K4fweVev3WjorL2Rob0A5ac4JQfFYKgIkheGJkjaiNHxDRXTUoJA5gKRlQ2Yr3B8_sNxs:1mbNDM:BgL5LziNRBqwTSTO0RrBtCMHXn6G7AB2drrlm17fEdc", - "expire_date": "2025-01-17T05:47:46.263Z" - } -}, -{ - "model": "sessions.session", - "pk": "g0fpchyt0my3n4ks1v2jj0lp3hgsdjgg", - "fields": { - "session_data": ".eJxVjLsOwjAMRf8lc1UCLaFmZGJhYEaocmKHFkoj8piq_jtBQjxG33N8JtFiil2bAvu2J7EVS1H8bhrNjccXoCuOF1caN0bf6_KllG8ayoMjHnZv9y_QYejytwS20GgEuamtUqw0NhZhDUAgFXClDUmLTSXNSpFkIrmqaGNr0gTrqs5RclfXas9Ixqe7DmJ7mkTs48C5v3d3zk7yQz4WYi6-6Jg4xN6N4csfn2k-z0_ReVZ2:1mbNL6:bNhQm1g9-3-4R9g0NeLcUGe06pb69i1dvOQXk_fOGcQ", - "expire_date": "2025-01-17T05:55:46.185Z" - } -}, -{ - "model": "sessions.session", - "pk": "gv3v9rnpgxqswy7lin8p55oqahdeatwu", - "fields": { - "session_data": "Mjk5OGE0MDZiZWZkMzRiZjcxZDg4MWE2M2U4NDM1ZTExOWQ3MGM0ZTp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii90ZXN0X3R5cGUiLCJ0aXRsZSI6IlRlc3QgVHlwZSBMaXN0In1dLCJfYXV0aF91c2VyX2hhc2giOiJjOGQxY2IxNDU1NmI5YzYyZmRkMjRlMTEwNDljMjMyNjlkYTgzZDU2IiwiX2F1dGhfdXNlcl9pZCI6IjEiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCJ9", - "expire_date": "2021-11-17T06:33:39.074Z" - } -}, -{ - "model": "sessions.session", - "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", - "fields": { - "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-07-19T22:22:52.744Z" - } -}, -{ - "model": "sessions.session", - "pk": "jd1dvmzg2kdst1dvjvd82xto3two999q", - "fields": { - "session_data": 
"MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-11-19T07:37:14.206Z" - } -}, -{ - "model": "sessions.session", - "pk": "nrksf0iuveua4cjxcy9m5i5nvvnswks0", - "fields": { - "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-11-19T12:12:49.262Z" - } -}, -{ - "model": "sessions.session", - "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", - "fields": { - "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-07-16T00:21:49.329Z" - } -}, -{ - "model": "sites.site", - "pk": 1, - "fields": { - "domain": "example.com", - "name": "example.com" - } -}, -{ - "model": "admin.logentry", - "pk": 1, - "fields": { - "action_time": "2021-07-02T00:22:01.258Z", - "user": 1, - "content_type": 3, - "object_id": "2", - "object_repr": "user1", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 2, - "fields": { - "action_time": "2021-07-02T00:22:09.722Z", - "user": 1, - "content_type": 3, - "object_id": "3", - "object_repr": "user2", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ 
- "model": "admin.logentry", - "pk": 3, - "fields": { - "action_time": "2021-11-04T08:57:11.661Z", - "user": 1, - "content_type": 54, - "object_id": "6", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 4, - "fields": { - "action_time": "2021-11-04T08:57:21.204Z", - "user": 1, - "content_type": 54, - "object_id": "4", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 5, - "fields": { - "action_time": "2021-11-04T08:57:32.008Z", - "user": 1, - "content_type": 54, - "object_id": "2", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 6, - "fields": { - "action_time": "2021-11-04T08:58:15.735Z", - "user": 1, - "content_type": 54, - "object_id": "3", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 7, - "fields": { - "action_time": "2021-11-04T08:58:43.433Z", - "user": 1, - "content_type": 54, - "object_id": "5", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 8, - "fields": { - "action_time": "2021-11-04T08:58:43.474Z", - "user": 1, - "content_type": 54, - "object_id": "7", - "object_repr": "DUMMY FINDING", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 9, - "fields": { - "action_time": "2021-11-04T08:58:43.495Z", - "user": 1, - "content_type": 54, - "object_id": "6", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 10, - "fields": { - 
"action_time": "2021-11-04T08:58:43.501Z", - "user": 1, - "content_type": 54, - "object_id": "4", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 11, - "fields": { - "action_time": "2021-11-04T08:58:43.507Z", - "user": 1, - "content_type": 54, - "object_id": "3", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 12, - "fields": { - "action_time": "2021-11-04T08:58:43.512Z", - "user": 1, - "content_type": 54, - "object_id": "2", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 13, - "fields": { - "action_time": "2021-11-04T09:00:09.825Z", - "user": 1, - "content_type": 79, - "object_id": "1", - "object_repr": "Java", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 14, - "fields": { - "action_time": "2021-11-04T09:13:05.793Z", - "user": 1, - "content_type": 79, - "object_id": "4", - "object_repr": "XML", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 15, - "fields": { - "action_time": "2021-11-04T09:14:00.425Z", - "user": 1, - "content_type": 79, - "object_id": "3", - "object_repr": "JavaScript", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 16, - "fields": { - "action_time": "2021-11-04T09:20:33.497Z", - "user": 1, - "content_type": 81, - "object_id": "1", - "object_repr": "Tomcat | Bodgeit", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 17, - "fields": { - "action_time": "2021-11-04T13:06:05.480Z", - "user": 1, - "content_type": 79, - "object_id": "2", - "object_repr": "Python", - "action_flag": 2, - 
"change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 18, - "fields": { - "action_time": "2021-11-05T07:13:16.077Z", - "user": 1, - "content_type": 3, - "object_id": "1", - "object_repr": "admin", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 19, - "fields": { - "action_time": "2021-11-05T07:13:53.435Z", - "user": 1, - "content_type": 3, - "object_id": "2", - "object_repr": "product_manager", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 20, - "fields": { - "action_time": "2021-11-05T07:21:45.543Z", - "user": 1, - "content_type": 3, - "object_id": "2", - "object_repr": "product_manager", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"is_staff\"]}}]" - } -}, -{ - "model": "auditlog.logentry", - "pk": 1, - "fields": { - "content_type": 22, - "object_pk": "1", - "object_id": 1, - "object_repr": "Research and Development", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"1\"], \"critical_product\": [\"None\", \"False\"], \"name\": [\"None\", \"Research and Development\"], \"prod_type\": [\"None\", \"dojo.Product.None\"], \"key_product\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:53.887Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 2, - "fields": { - "content_type": 22, - "object_pk": "2", - "object_id": 2, - "object_repr": "Commerce", - "serialized_data": null, - "action": 0, - "changes": "{\"updated\": [\"None\", \"2021-11-04 09:27:38.846223\"], \"id\": [\"None\", \"2\"], \"critical_product\": [\"None\", \"True\"], \"name\": [\"None\", \"Commerce\"], \"prod_type\": [\"None\", \"dojo.Product.None\"], \"key_product\": [\"None\", \"False\"]}", - "actor": 
null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:53.996Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 3, - "fields": { - "content_type": 22, - "object_pk": "3", - "object_id": 3, - "object_repr": "Billing", - "serialized_data": null, - "action": 0, - "changes": "{\"updated\": [\"None\", \"2021-11-04 09:27:51.762223\"], \"id\": [\"None\", \"3\"], \"critical_product\": [\"None\", \"False\"], \"name\": [\"None\", \"Billing\"], \"prod_type\": [\"None\", \"dojo.Product.None\"], \"key_product\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.006Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 4, - "fields": { - "content_type": 29, - "object_pk": "1", - "object_id": 1, - "object_repr": "BodgeIt", - "serialized_data": null, - "action": 0, - "changes": "{\"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"1\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* 
Easy to install - just requires java and a servlet engine, e.g. Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.090Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 5, - "fields": { - "content_type": 29, - "object_pk": "2", - "object_id": 2, - "object_repr": "Internal CRM App", - "serialized_data": null, - "action": 0, - "changes": "{\"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"2\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", \"(product_manager)\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T16:46:54.116Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 6, - "fields": { - "content_type": 29, - "object_pk": "3", - "object_id": 3, - "object_repr": "Apple Accounting Software", - "serialized_data": null, - "action": 0, - "changes": "{\"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"3\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. 
Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.133Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 7, - "fields": { - "content_type": 41, - "object_pk": "1", - "object_id": 1, - "object_repr": "Engagement 1: 1st Quarter Engagement (Jun 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"1st Quarter Engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"id\": [\"None\", \"1\"], \"lead\": [\"None\", \"(product_manager)\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.161Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 8, - "fields": { - "content_type": 41, - "object_pk": "2", - "object_id": 2, - "object_repr": "Engagement 2: April Monthly Engagement (Jun 
30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"April Monthly Engagement\"], \"description\": [\"None\", \"Requested by the team for regular manual checkup by the security team.\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"id\": [\"None\", \"2\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:15:49.870223\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.185Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 9, - "fields": { - "content_type": 41, - "object_pk": "3", - "object_id": 3, - "object_repr": "Engagement 3: weekly engagement (Jun 21, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"weekly engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-21\"], \"target_end\": [\"None\", \"2021-06-22\"], \"id\": [\"None\", \"3\"], \"lead\": [\"None\", \"(product_manager)\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", 
\"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.205Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 10, - "fields": { - "content_type": 41, - "object_pk": "4", - "object_id": 4, - "object_repr": "Engagement 4: Static Scan (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Static Scan\"], \"description\": [\"None\", \"Initial static scan for Bodgeit.\"], \"version\": [\"None\", \"v.1.2.0\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-10\"], \"id\": [\"None\", \"4\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:14:58.726223\"], \"created\": [\"None\", \"2021-11-04 09:01:00.647223\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.224Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 11, - "fields": { - "content_type": 41, - "object_pk": "6", - "object_id": 6, - "object_repr": "Engagement 6: 
Quarterly PCI Scan (Jan 19, 2022)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Quarterly PCI Scan\"], \"description\": [\"None\", \"Reccuring Quarterly Scan\"], \"target_start\": [\"None\", \"2022-01-19\"], \"target_end\": [\"None\", \"2022-01-26\"], \"id\": [\"None\", \"6\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:26:47.339223\"], \"created\": [\"None\", \"2021-11-04 09:25:29.380223\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.245Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 12, - "fields": { - "content_type": 41, - "object_pk": "7", - "object_id": 7, - "object_repr": "Engagement 7: Ad Hoc Engagement (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Ad Hoc Engagement\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-03\"], \"id\": [\"None\", \"7\"], \"product\": [\"None\", \"Internal CRM App\"], \"updated\": [\"None\", \"2021-11-04 09:36:15.136223\"], \"created\": [\"None\", \"2021-11-04 09:36:15.136223\"], \"active\": [\"None\", \"False\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": 
[\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.268Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 13, - "fields": { - "content_type": 41, - "object_pk": "8", - "object_id": 8, - "object_repr": "Engagement 8: Initial Assessment (Dec 20, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Initial Assessment\"], \"description\": [\"None\", \"This application needs to be assesed to determine the security posture.\"], \"version\": [\"None\", \"10.2.1\"], \"target_start\": [\"None\", \"2021-12-20\"], \"target_end\": [\"None\", \"2021-12-27\"], \"id\": [\"None\", \"8\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"Apple Accounting Software\"], \"updated\": [\"None\", \"2021-11-04 09:44:29.481223\"], \"created\": [\"None\", \"2021-11-04 09:42:51.116223\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.288Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 14, 
- "fields": { - "content_type": 41, - "object_pk": "10", - "object_id": 10, - "object_repr": "Engagement 10: Multiple scanners (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Multiple scanners\"], \"description\": [\"None\", \"Example engagement with multiple scan types.\"], \"version\": [\"None\", \"1.2.1\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"id\": [\"None\", \"10\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 06:49:39.475223\"], \"created\": [\"None\", \"2021-11-05 06:44:35.773223\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.309Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 15, - "fields": { - "content_type": 41, - "object_pk": "11", - "object_id": 11, - "object_repr": "Engagement 11: Manual PenTest (Dec 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Manual PenTest\"], \"description\": [\"None\", \"Please do a manual pentest before our next release to prod.\"], \"version\": [\"None\", \"1.9.1\"], \"target_start\": [\"None\", \"2021-12-30\"], \"target_end\": [\"None\", 
\"2022-01-02\"], \"id\": [\"None\", \"11\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 06:55:42.622223\"], \"created\": [\"None\", \"2021-11-05 06:54:11.880223\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Blocked\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.334Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 16, - "fields": { - "content_type": 41, - "object_pk": "12", - "object_id": 12, - "object_repr": "Engagement 12: CI/CD Baseline Security Test (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"CI/CD Baseline Security Test\"], \"description\": [\"None\", \"\"], \"version\": [\"None\", \"1.1.2\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-11\"], \"id\": [\"None\", \"12\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 07:07:44.126223\"], \"created\": [\"None\", \"2021-11-05 07:06:26.136223\"], \"active\": [\"None\", \"False\"], \"tracker\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", 
\"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"CI/CD\"], \"build_id\": [\"None\", \"89\"], \"commit_hash\": [\"None\", \"b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6\"], \"branch_tag\": [\"None\", \"master\"], \"source_code_management_uri\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.354Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 17, - "fields": { - "content_type": 41, - "object_pk": "13", - "object_id": 13, - "object_repr": "Engagement 13: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"AdHoc Import - Fri, 17 Aug 2018 18:20:55\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"id\": [\"None\", \"13\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 10:43:05.446223\"], \"created\": [\"None\", \"2021-11-05 10:43:05.446223\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.373Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 18, - "fields": { - "content_type": 47, - "object_pk": "1", - "object_id": 1, - "object_repr": "http://127.0.0.1//endpoint/420/edit/", - 
"serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"1\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"80\"], \"path\": [\"None\", \"/endpoint/420/edit/\"], \"product\": [\"None\", \"Internal CRM App\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.398Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 19, - "fields": { - "content_type": 47, - "object_pk": "2", - "object_id": 2, - "object_repr": "ftp://localhost//", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"2\"], \"protocol\": [\"None\", \"ftp\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"21\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.406Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 20, - "fields": { - "content_type": 47, - "object_pk": "3", - "object_id": 3, - "object_repr": "ssh://127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"3\"], \"protocol\": [\"None\", \"ssh\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"22\"], \"product\": [\"None\", \"Apple Accounting Software\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.412Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 21, - "fields": { - "content_type": 47, - "object_pk": "4", - "object_id": 4, - "object_repr": "http://localhost:8888//bodgeit/login.jsp", - 
"serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"4\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/login.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.419Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 22, - "fields": { - "content_type": 47, - "object_pk": "5", - "object_id": 5, - "object_repr": "127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"5\"], \"host\": [\"None\", \"127.0.0.1\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.425Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 23, - "fields": { - "content_type": 47, - "object_pk": "6", - "object_id": 6, - "object_repr": "http://localhost:8888//bodgeit/register.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"6\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/register.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.432Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 24, - "fields": { - "content_type": 47, - "object_pk": "7", - "object_id": 7, - "object_repr": "http://localhost:8888//bodgeit/password.jsp", - "serialized_data": null, - "action": 0, - "changes": 
"{\"id\": [\"None\", \"7\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/password.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.438Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 25, - "fields": { - "content_type": 47, - "object_pk": "8", - "object_id": 8, - "object_repr": "http://localhost:8888//bodgeit/", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"8\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.444Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 26, - "fields": { - "content_type": 47, - "object_pk": "9", - "object_id": 9, - "object_repr": "http://localhost:8888//bodgeit/basket.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"9\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/basket.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.450Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 27, - "fields": { - "content_type": 47, - "object_pk": "10", - "object_id": 10, - "object_repr": 
"http://localhost:8888//bodgeit/advanced.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"10\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/advanced.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.457Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 28, - "fields": { - "content_type": 47, - "object_pk": "11", - "object_id": 11, - "object_repr": "http://localhost:8888//bodgeit/admin.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"11\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/admin.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.463Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 29, - "fields": { - "content_type": 47, - "object_pk": "12", - "object_id": 12, - "object_repr": "http://localhost:8888//bodgeit/about.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"12\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/about.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.470Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 
30, - "fields": { - "content_type": 47, - "object_pk": "13", - "object_id": 13, - "object_repr": "http://localhost:8888//bodgeit/contact.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"13\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/contact.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.476Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 31, - "fields": { - "content_type": 47, - "object_pk": "14", - "object_id": 14, - "object_repr": "http://localhost:8888//bodgeit/home.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"14\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/home.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.483Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 32, - "fields": { - "content_type": 47, - "object_pk": "15", - "object_id": 15, - "object_repr": "http://localhost:8888//bodgeit/product.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"15\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/product.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T16:46:54.489Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 33, - "fields": { - "content_type": 47, - "object_pk": "16", - "object_id": 16, - "object_repr": "http://localhost:8888//bodgeit/score.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"16\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/score.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.495Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 34, - "fields": { - "content_type": 47, - "object_pk": "17", - "object_id": 17, - "object_repr": "http://localhost:8888//bodgeit/search.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"17\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/search.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.501Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 35, - "fields": { - "content_type": 47, - "object_pk": "18", - "object_id": 18, - "object_repr": "http://localhost:8888//", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"18\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", 
\"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.508Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 36, - "fields": { - "content_type": 47, - "object_pk": "19", - "object_id": 19, - "object_repr": "http://localhost:8888//bodgeit/logout.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"19\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/logout.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.514Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 37, - "fields": { - "content_type": 53, - "object_pk": "3", - "object_id": 3, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 1: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"00:00:00\"], \"actual_time\": [\"None\", \"00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"3\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.530Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 38, - "fields": { - "content_type": 53, - "object_pk": "13", - "object_id": 13, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 2: April Monthly Engagement (Jun 30, 2021)\"], \"lead\": [\"None\", \"(product_manager)\"], 
\"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-03-21 01:00:00\"], \"target_end\": [\"None\", \"2021-03-22 01:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"13\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.541Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 39, - "fields": { - "content_type": 53, - "object_pk": "14", - "object_id": 14, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 1: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"02:00:00\"], \"actual_time\": [\"None\", \"00:30:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"14\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.550Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 40, - "fields": { - "content_type": 53, - "object_pk": "15", - "object_id": 15, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 4: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Checkmarx Scan\"], \"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 09:01:30.563223\"], \"created\": [\"None\", \"2021-11-04 09:01:30.563223\"], \"id\": [\"None\", \"15\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", 
- "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.559Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 41, - "fields": { - "content_type": 53, - "object_pk": "16", - "object_id": 16, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 4: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Checkmarx Scan\"], \"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 09:03:25.139223\"], \"created\": [\"None\", \"2021-11-04 09:03:25.139223\"], \"id\": [\"None\", \"16\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.568Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 42, - "fields": { - "content_type": 53, - "object_pk": "18", - "object_id": 18, - "object_repr": "Qualys Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 6: Quarterly PCI Scan (Jan 19, 2022)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Qualys Scan\"], \"target_start\": [\"None\", \"2022-01-19 00:00:00\"], \"target_end\": [\"None\", \"2022-01-24 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:26:34.003223\"], \"created\": [\"None\", \"2021-11-04 09:25:46.327223\"], \"id\": [\"None\", \"18\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.578Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 43, - "fields": { - "content_type": 53, - "object_pk": "19", - "object_id": 19, - "object_repr": "Pen Test", - 
"serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 7: Ad Hoc Engagement (Nov 03, 2021)\"], \"test_type\": [\"None\", \"Pen Test\"], \"target_start\": [\"None\", \"2021-11-04 09:36:15.180223\"], \"target_end\": [\"None\", \"2021-11-04 09:36:15.180223\"], \"updated\": [\"None\", \"2021-11-04 09:36:15.180223\"], \"created\": [\"None\", \"2021-11-04 09:36:15.180223\"], \"id\": [\"None\", \"19\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.587Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 44, - "fields": { - "content_type": 53, - "object_pk": "20", - "object_id": 20, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:43:09.101223\"], \"created\": [\"None\", \"2021-11-04 09:43:09.101223\"], \"id\": [\"None\", \"20\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.596Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 45, - "fields": { - "content_type": 53, - "object_pk": "21", - "object_id": 21, - "object_repr": "Nmap Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Nmap Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Staging\"], \"updated\": [\"None\", \"2021-11-04 
09:43:23.410223\"], \"created\": [\"None\", \"2021-11-04 09:43:23.410223\"], \"id\": [\"None\", \"21\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.605Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 46, - "fields": { - "content_type": 53, - "object_pk": "22", - "object_id": 22, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Dependency Check Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:43:41.711223\"], \"created\": [\"None\", \"2021-11-04 09:43:41.711223\"], \"id\": [\"None\", \"22\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.615Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 47, - "fields": { - "content_type": 53, - "object_pk": "23", - "object_id": 23, - "object_repr": "ZAP Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"ZAP Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:44:01.815223\"], \"created\": [\"None\", \"2021-11-04 09:44:01.815223\"], \"id\": [\"None\", \"23\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.624Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - 
"pk": 48, - "fields": { - "content_type": 53, - "object_pk": "25", - "object_id": 25, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Dependency Check Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:44:35.814223\"], \"created\": [\"None\", \"2021-11-05 06:44:35.814223\"], \"id\": [\"None\", \"25\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.633Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 49, - "fields": { - "content_type": 53, - "object_pk": "26", - "object_id": 26, - "object_repr": "VCG Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"VCG Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:46:06.450223\"], \"created\": [\"None\", \"2021-11-05 06:46:06.450223\"], \"id\": [\"None\", \"26\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.643Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 50, - "fields": { - "content_type": 53, - "object_pk": "28", - "object_id": 28, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple 
scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Burp Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:47:17.517223\"], \"created\": [\"None\", \"2021-11-05 06:47:17.518223\"], \"id\": [\"None\", \"28\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.652Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 51, - "fields": { - "content_type": 53, - "object_pk": "29", - "object_id": 29, - "object_repr": "Manual Code Review", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 11: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Manual Code Review\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-05 06:54:23.989223\"], \"created\": [\"None\", \"2021-11-05 06:54:23.989223\"], \"id\": [\"None\", \"29\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.700Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 52, - "fields": { - "content_type": 53, - "object_pk": "30", - "object_id": 30, - "object_repr": "Pen Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 11: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Pen Test\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Pre-prod\"], \"updated\": [\"None\", 
\"2021-11-05 06:54:35.499223\"], \"created\": [\"None\", \"2021-11-05 06:54:35.499223\"], \"id\": [\"None\", \"30\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.709Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 53, - "fields": { - "content_type": 53, - "object_pk": "31", - "object_id": 31, - "object_repr": "Gosec Scanner", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 12: CI/CD Baseline Security Test (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Gosec Scanner\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 07:07:18.034223\"], \"created\": [\"None\", \"2021-11-05 07:07:18.034223\"], \"id\": [\"None\", \"31\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.719Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 54, - "fields": { - "content_type": 53, - "object_pk": "32", - "object_id": 32, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 13: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Burp Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 10:43:05.485223\"], \"created\": [\"None\", \"2021-11-05 10:43:05.485223\"], \"id\": [\"None\", \"32\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": 
null, - "timestamp": "2025-01-17T16:46:54.728Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 55, - "fields": { - "content_type": 58, - "object_pk": "2", - "object_id": 2, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"2\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.744Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 56, - "fields": { - "content_type": 58, - "object_pk": "3", - "object_id": 3, - "object_repr": "High Impact test finding", - "serialized_data": null, 
- "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"3\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.760Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 57, - "fields": { - "content_type": 58, - "object_pk": "4", - "object_id": 4, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"4\"], \"title\": [\"None\", \"High Impact test finding\"], 
\"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.774Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 58, - "fields": { - "content_type": 58, - "object_pk": "5", - "object_id": 5, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"5\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], 
\"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.787Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 59, - "fields": { - "content_type": 58, - "object_pk": "6", - "object_id": 6, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"6\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.801Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 60, - "fields": { - "content_type": 58, - "object_pk": "7", - "object_id": 7, - "object_repr": "DUMMY FINDING", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"7\"], \"title\": [\"None\", \"DUMMY FINDING\"], \"date\": [\"None\", \"2021-03-20\"], \"cwe\": [\"None\", \"1\"], \"url\": [\"None\", \"http://www.example.com\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"TEST finding\"], \"mitigation\": [\"None\", \"MITIGATION\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(product_manager)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(product_manager)\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"1\"], \"reporter\": [\"None\", \"(product_manager)\"], \"line\": [\"None\", \"100\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.815Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 61, - "fields": { - "content_type": 58, - "object_pk": "8", - "object_id": 8, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.590223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"8\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) 
request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.587223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T16:46:54.829Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 62, - "fields": { - "content_type": 58, - "object_pk": "9", - "object_id": 9, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.769223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"9\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.763223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.843Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 63, - "fields": { - "content_type": 58, - "object_pk": "10", - "object_id": 10, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.948223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"10\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", 
\"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.945223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.856Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 64, - "fields": { - "content_type": 58, - "object_pk": "11", - "object_id": 11, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.124223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"11\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** 
e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"134\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.122223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.869Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 65, - "fields": { - "content_type": 58, - "object_pk": "12", - "object_id": 12, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.268223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"12\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], 
\"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE 
Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"25\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.265223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.883Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 66, - "fields": { - "content_type": 58, - "object_pk": "13", - "object_id": 13, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.438223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"13\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.435223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.897Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 67, - "fields": { - "content_type": 58, - "object_pk": "14", - "object_id": 14, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.602223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"14\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"46\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.599223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T16:46:54.911Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 68, - "fields": { - "content_type": 58, - "object_pk": "15", - "object_id": 15, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.755223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"15\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.751223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.925Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 69, - "fields": { - "content_type": 58, - "object_pk": "16", - "object_id": 16, - "object_repr": "Hardcoded password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.905223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"16\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 
- Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.902223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"finding_meta\": 
[\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.938Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 70, - "fields": { - "content_type": 58, - "object_pk": "17", - "object_id": 17, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.060223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"17\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"127\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.056223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.952Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 71, - "fields": { - "content_type": 58, - "object_pk": "18", - "object_id": 18, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.209223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"18\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.206223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.965Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 72, - "fields": { - "content_type": 58, - "object_pk": "19", - "object_id": 19, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.373223\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"19\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 
374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.370223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.978Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 73, - "fields": { - "content_type": 58, - "object_pk": "20", - "object_id": 20, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.530223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"20\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 
29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.527223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:54.992Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 74, - "fields": { - "content_type": 58, - "object_pk": "21", - "object_id": 21, - "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.702223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"21\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.699223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.006Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 75, - "fields": { - "content_type": 58, - "object_pk": "22", - "object_id": 22, - "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.865223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"22\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", 
\\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.861223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.019Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 76, - "fields": { - "content_type": 58, - "object_pk": "23", - "object_id": 23, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 
09:01:35.040223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"23\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.037223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.033Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 77, - "fields": { - "content_type": 58, - "object_pk": "24", - "object_id": 24, - "object_repr": "Hardcoded password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.231223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"24\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.227223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.047Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 78, - "fields": { - "content_type": 58, - "object_pk": "25", - "object_id": 25, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.388223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"25\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) 
request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.385223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.060Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 79, - "fields": { - "content_type": 58, - "object_pk": "26", - "object_id": 26, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.563223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"26\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"10\"], \"numerical_severity\": [\"None\", \"S2\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.561223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.074Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 80, - "fields": { - "content_type": 58, - "object_pk": "27", - "object_id": 27, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.729223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"27\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.724223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.088Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 81, - "fields": { - "content_type": 58, - "object_pk": "28", - "object_id": 28, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.904223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"28\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.900223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.101Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 82, - "fields": { - "content_type": 58, - "object_pk": "29", - "object_id": 29, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.151223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"29\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.147223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.115Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 83, - "fields": { - "content_type": 58, - "object_pk": "30", - "object_id": 30, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.397223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"30\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"280\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.394223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.129Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 84, - "fields": { - "content_type": 58, - "object_pk": "31", - "object_id": 31, - "object_repr": "Empty Password In Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:01:36.586223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"31\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": 
[\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.583223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.143Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 85, - "fields": { - "content_type": 58, - "object_pk": "32", - "object_id": 32, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.781223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"32\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.777223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.157Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 86, - "fields": { - "content_type": 58, - "object_pk": "33", - "object_id": 33, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.976223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"33\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.972223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.172Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 87, - "fields": { - "content_type": 58, - "object_pk": "34", - "object_id": 34, - "object_repr": "Hardcoded password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.211223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"34\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": 
[\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.206223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.185Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 88, - "fields": { - "content_type": 58, - "object_pk": "35", - "object_id": 35, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.495223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"35\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.491223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.199Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 89, - "fields": { - "content_type": 58, - "object_pk": "36", - "object_id": 36, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.702223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"36\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release 
(AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"130\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.698223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], 
\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.213Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 90, - "fields": { - "content_type": 58, - "object_pk": "37", - "object_id": 37, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.894223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"37\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", 
\"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.891223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.226Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 91, - "fields": { - "content_type": 58, - "object_pk": "38", - "object_id": 38, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.083223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"38\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.079223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.241Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 92, - "fields": { - "content_type": 58, - "object_pk": "39", - "object_id": 39, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.281223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"39\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": 
[\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.277223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.255Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 93, - "fields": { - "content_type": 58, - "object_pk": "40", - "object_id": 40, - "object_repr": "Hardcoded password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.499223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"40\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.495223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": 
[\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.269Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 94, - "fields": { - "content_type": 58, - "object_pk": "41", - "object_id": 41, - "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.694223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"41\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** 
getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.690223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.284Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 95, - "fields": { - "content_type": 58, - "object_pk": "42", - "object_id": 42, - "object_repr": "Empty Password In Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.895223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"42\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.891223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.298Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 96, - "fields": { - "content_type": 58, - "object_pk": "43", - "object_id": 43, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.107223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"43\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.102223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.311Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 97, - "fields": { - "content_type": 58, - "object_pk": "44", - "object_id": 44, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.298223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"44\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"41\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.295223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.325Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 98, - "fields": { - "content_type": 58, - "object_pk": "45", - "object_id": 45, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.448223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"45\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = 
(String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.444223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.339Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 99, - "fields": { - "content_type": 58, - "object_pk": "46", - "object_id": 46, - "object_repr": "Empty Password In Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": 
[\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.616223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"46\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.613223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.353Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 100, - "fields": { - "content_type": 58, - "object_pk": "47", - "object_id": 47, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.814223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"47\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = 
stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.809223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.367Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 101, - "fields": { - "content_type": 58, - "object_pk": "48", - "object_id": 48, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.005223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"48\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.001223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.381Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 102, - "fields": { - "content_type": 58, - "object_pk": "49", - "object_id": 49, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.176223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"49\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"75\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.173223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.395Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 103, - "fields": { - "content_type": 58, - "object_pk": "50", - "object_id": 50, - "object_repr": "Hardcoded password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.355223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"50\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - 
Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.351223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"finding_meta\": 
[\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.409Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 104, - "fields": { - "content_type": 58, - "object_pk": "51", - "object_id": 51, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.539223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"51\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** 
rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.535223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.423Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 105, - "fields": { - "content_type": 58, - "object_pk": "52", - "object_id": 52, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.715223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"52\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.710223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.437Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 106, - "fields": { - "content_type": 58, - "object_pk": "53", - "object_id": 53, - "object_repr": "Empty Password In Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.869223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"53\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.865223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.450Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 107, - "fields": { - "content_type": 58, - "object_pk": "54", - "object_id": 54, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.022223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"54\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"8\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.019223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.463Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 108, - "fields": { - "content_type": 58, - "object_pk": "55", - "object_id": 55, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.178223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"55\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.175223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.477Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 109, - "fields": { - "content_type": 58, - "object_pk": "56", - "object_id": 56, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.335223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"56\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.332223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.490Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 110, - "fields": { - "content_type": 58, - "object_pk": "57", - "object_id": 57, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.494223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"57\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 
34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.491223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.504Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 111, - "fields": { - "content_type": 58, - "object_pk": "58", - "object_id": 58, - "object_repr": "Empty Password In Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.669223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"58\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], 
\"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.667223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.517Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 112, - "fields": { - "content_type": 58, - "object_pk": "59", - "object_id": 59, - "object_repr": "Hardcoded password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.820223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"59\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.817223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.532Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 113, - "fields": { - "content_type": 58, - "object_pk": "60", - "object_id": 60, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.972223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"60\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** 
comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.970223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.547Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 114, - "fields": { - "content_type": 58, - "object_pk": "61", - "object_id": 61, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.130223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"61\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"38\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.127223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 115, - "fields": { - "content_type": 58, - "object_pk": "62", - "object_id": 62, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.302223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"62\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) 
- 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.298223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 116, - "fields": { - "content_type": 58, - "object_pk": "63", - "object_id": 63, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.457223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"63\"], \"title\": [\"None\", 
\"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source 
Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.453223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.589Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 117, - "fields": { - "content_type": 58, - "object_pk": "64", - "object_id": 64, - "object_repr": "Empty Password In Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.620223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"64\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.617223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.603Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 118, - "fields": { - "content_type": 58, - "object_pk": "65", - "object_id": 65, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.796223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"65\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 
57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.793223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.617Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 119, - "fields": { - "content_type": 58, - "object_pk": "66", - "object_id": 66, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.956223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"66\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": 
[\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"42\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.953223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.631Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 120, - "fields": { - "content_type": 58, - "object_pk": "67", - "object_id": 67, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.115223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"67\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.112223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", 
\"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.646Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 121, - "fields": { - "content_type": 58, - "object_pk": "68", - "object_id": 68, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.269223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"68\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.267223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.659Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 122, - "fields": { - "content_type": 58, - "object_pk": "69", - "object_id": 69, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.431223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"69\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": 
[\"None\", \"55\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.428223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.673Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 123, - "fields": { - "content_type": 58, - "object_pk": "70", - "object_id": 70, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.595223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"70\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], 
\"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"262\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.592223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.687Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 124, - "fields": { - "content_type": 58, - "object_pk": "71", - "object_id": 71, - "object_repr": "Empty Password In Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.752223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"71\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.749223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.700Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 125, - "fields": { - "content_type": 58, - "object_pk": "72", - "object_id": 72, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.931223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"72\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.927223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.713Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 126, - "fields": { - "content_type": 58, - "object_pk": "73", - "object_id": 73, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.091223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"73\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.088223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.726Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 127, - "fields": { - "content_type": 58, - "object_pk": "74", - "object_id": 74, - "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:01:44.250223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"74\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.247223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.740Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 128, - "fields": { - "content_type": 58, - "object_pk": "75", - "object_id": 75, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.408223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"75\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.405223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.754Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 129, - "fields": { - "content_type": 58, - "object_pk": "76", - "object_id": 76, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.599223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": 
[\"None\", \"76\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.595223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T16:46:55.769Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 130, - "fields": { - "content_type": 58, - "object_pk": "77", - "object_id": 77, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.798223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"77\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"87\"], \"numerical_severity\": [\"None\", \"S2\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.794223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.785Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 131, - "fields": { - "content_type": 58, - "object_pk": "78", - "object_id": 78, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.961223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"78\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE 
Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.955223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.800Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 132, - "fields": { - "content_type": 58, - "object_pk": "79", - "object_id": 79, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.167223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"79\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 
8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.164223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.815Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 133, - "fields": { - "content_type": 58, - "object_pk": "80", - "object_id": 80, - "object_repr": "Client DOM Open Redirect 
(advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.338223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"80\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.335223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.830Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 134, - "fields": { - "content_type": 58, - "object_pk": "81", - "object_id": 81, - "object_repr": "Hardcoded password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.495223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"81\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.492223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.844Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 135, - "fields": { - "content_type": 58, - "object_pk": "82", - "object_id": 82, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.667223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"82\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** 
executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.664223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.859Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 136, - "fields": { - "content_type": 58, - "object_pk": "83", - "object_id": 83, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.809223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"83\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": 
[\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.806223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.875Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 137, - "fields": { - "content_type": 58, - "object_pk": "84", - "object_id": 84, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.947223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"84\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.944223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.889Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 138, - "fields": { - "content_type": 58, - "object_pk": "85", - "object_id": 85, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.093223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"85\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"18\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.090223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.904Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 139, - "fields": { - "content_type": 58, - "object_pk": "86", - "object_id": 86, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.242223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"86\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP 
Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.239223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.918Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 140, - "fields": { - "content_type": 58, - "object_pk": "87", - "object_id": 87, - "object_repr": "Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:01:46.417223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"87\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.413223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.933Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 141, - "fields": { - "content_type": 58, - "object_pk": "88", - "object_id": 88, - "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.582223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"88\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"26\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:46.579223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.946Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 142, - "fields": { - "content_type": 58, - "object_pk": "89", - "object_id": 89, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.729223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"89\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.727223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.960Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 143, - "fields": { - "content_type": 58, - "object_pk": "90", - "object_id": 90, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.883223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"90\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"68\"], 
\"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.880223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.974Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 144, - "fields": { - "content_type": 58, - "object_pk": "91", - "object_id": 91, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.032223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"91\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.029223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:55.988Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 145, - "fields": { - "content_type": 58, - "object_pk": "92", - "object_id": 92, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.169223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"92\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 
357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"7\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.166223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.003Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 146, - "fields": { - "content_type": 58, - "object_pk": "93", - "object_id": 93, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.314223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"93\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.311223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.016Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 147, - "fields": { - "content_type": 58, - "object_pk": "94", - "object_id": 94, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.459223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"94\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 
65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"70\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.456223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.031Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 148, - "fields": { - "content_type": 58, - "object_pk": "95", - "object_id": 95, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.615223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"95\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.612223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", 
\"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.045Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 149, - "fields": { - "content_type": 58, - "object_pk": "96", - "object_id": 96, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.776223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"96\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line 
Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.772223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.058Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 150, - "fields": { - "content_type": 58, - "object_pk": "97", - "object_id": 97, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.932223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"97\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + 
productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.928223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.072Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 151, - "fields": { - "content_type": 58, - "object_pk": "98", - 
"object_id": 98, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.091223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"98\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.086223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.086Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 152, - "fields": { - "content_type": 58, - "object_pk": "99", - "object_id": 99, - "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.247223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"99\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - 
Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:48.245223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.100Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 153, - "fields": { - "content_type": 58, - "object_pk": "100", - "object_id": 100, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.418223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"100\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:48.415223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.114Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 154, - "fields": { - "content_type": 58, - "object_pk": "101", - "object_id": 101, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.575223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"101\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 
141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.572223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.128Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 155, - "fields": { - "content_type": 58, - "object_pk": "102", - "object_id": 102, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.732223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"102\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.730223\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.142Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 156, - "fields": { - "content_type": 58, - "object_pk": "103", - "object_id": 103, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.890223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"103\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"65\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.887223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.156Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 157, - "fields": { - "content_type": 58, - "object_pk": "104", - "object_id": 104, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.061223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"104\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.057223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.170Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 158, - "fields": { - "content_type": 58, - "object_pk": "105", - "object_id": 105, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.230223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"105\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.227223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.184Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 159, - "fields": { - "content_type": 58, - "object_pk": "106", - "object_id": 106, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-04 09:01:49.390223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"106\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"40\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.387223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.198Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 160, - "fields": { - "content_type": 58, - "object_pk": "107", - "object_id": 107, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.553223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"107\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"58\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.551223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.212Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 161, - "fields": { - "content_type": 58, - "object_pk": "108", - "object_id": 108, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.698223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"108\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", 
\"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.693223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.225Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 162, - "fields": { - "content_type": 58, - "object_pk": "109", - "object_id": 109, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.847223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"109\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"45\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.844223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.241Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 163, - "fields": { - "content_type": 58, - "object_pk": "110", - "object_id": 110, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.992223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"110\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.989223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.255Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 164, - "fields": { - "content_type": 58, - "object_pk": "111", - "object_id": 111, - "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.133223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"111\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"93\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.130223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.269Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 165, - "fields": { - "content_type": 58, - "object_pk": "112", - "object_id": 112, - "object_repr": "Empty Password In Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.272223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"112\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.269223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.282Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 166, - "fields": { - "content_type": 58, - "object_pk": "113", - "object_id": 113, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - 
"serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.425223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"113\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND 
password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + 
rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.422223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.296Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 167, - "fields": { - "content_type": 58, - "object_pk": "114", - "object_id": 114, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.583223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"114\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.580223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.310Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 168, - "fields": { - "content_type": 58, - "object_pk": "115", - "object_id": 115, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.757223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"115\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"3\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.754223\"], \"last_reviewed_by\": [\"None\", 
\"(admin)\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.324Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 169, - "fields": { - "content_type": 58, - "object_pk": "116", - "object_id": 116, - "object_repr": "Hardcoded password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.920223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"116\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.913223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.337Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 170, - "fields": { - "content_type": 58, - "object_pk": "117", - "object_id": 117, - "object_repr": "Hardcoded password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.100223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"117\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.097223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.351Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 171, - "fields": { - "content_type": 58, - "object_pk": "118", - "object_id": 118, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.303223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"118\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.299223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.365Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 172, - "fields": { - "content_type": 58, - "object_pk": "119", - "object_id": 119, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.529223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"119\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"91\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.526223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.381Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 173, - "fields": { - "content_type": 58, - "object_pk": "120", - "object_id": 120, - "object_repr": "Empty Password In Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.704223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": 
[\"None\", \"120\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.700223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.395Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 174, - "fields": { - "content_type": 58, - "object_pk": "121", - "object_id": 121, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.884223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"121\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = 
conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.881223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.409Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 175, - "fields": { - "content_type": 58, - "object_pk": "122", - "object_id": 122, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.056223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"122\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"97\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.052223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.424Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 176, - "fields": { - "content_type": 58, - "object_pk": "123", - "object_id": 123, - "object_repr": "Empty Password In Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.205223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"123\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.202223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.437Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 177, - "fields": { - "content_type": 58, - "object_pk": "124", - "object_id": 124, - "object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.350223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"124\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error 
handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"63\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.347223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.451Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 178, - "fields": { - "content_type": 58, - "object_pk": "125", - "object_id": 125, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.512223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"125\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.508223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.465Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 179, - "fields": { - "content_type": 58, - "object_pk": "126", - "object_id": 126, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.665223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"126\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], 
\"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.662223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.478Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 180, - "fields": { - "content_type": 58, - "object_pk": "127", - "object_id": 127, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.806223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"127\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"35\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.803223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.492Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 181, - "fields": { - "content_type": 58, - "object_pk": "128", - "object_id": 128, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.969223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"128\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"61\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.966223\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.505Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 182, - "fields": { - "content_type": 58, - "object_pk": "129", - "object_id": 129, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.115223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"129\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"99\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.112223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.518Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 183, - "fields": { - "content_type": 58, - "object_pk": "130", - "object_id": 130, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.272223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"130\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"51\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.269223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.533Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 184, - "fields": { - "content_type": 58, - "object_pk": "131", - "object_id": 131, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.428223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"131\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 
10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** 
product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.424223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.549Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 185, - "fields": { - "content_type": 58, - "object_pk": "132", - "object_id": 132, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.606223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"132\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM 
Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.603223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.565Z", - "additional_data": null - } 
-}, -{ - "model": "auditlog.logentry", - "pk": 186, - "fields": { - "content_type": 58, - "object_pk": "133", - "object_id": 133, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.772223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"133\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.769223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.580Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 187, - "fields": { - "content_type": 58, - "object_pk": "134", - "object_id": 134, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.918223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"134\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = 
(String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.915223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.597Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 188, - "fields": { - "content_type": 58, - "object_pk": "135", - "object_id": 135, - "object_repr": "Empty Password In Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.071223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"135\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.068223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.611Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 189, - "fields": { - "content_type": 58, - "object_pk": "136", - "object_id": 136, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.219223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"136\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"98\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.216223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.626Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 190, - "fields": { - "content_type": 58, - "object_pk": "137", - "object_id": 137, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.406223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"137\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site 
Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = 
(String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.403223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"finding_meta\": 
[\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.642Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 191, - "fields": { - "content_type": 58, - "object_pk": "138", - "object_id": 138, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.584223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"138\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], 
\"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.581223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.657Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 192, - "fields": { - "content_type": 58, - "object_pk": "139", - "object_id": 139, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.769223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"139\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"29\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.760223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.671Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 193, - "fields": { - "content_type": 58, - "object_pk": "140", - "object_id": 140, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.312223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"140\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 
7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.309223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": 
null, - "timestamp": "2025-01-17T16:46:56.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 194, - "fields": { - "content_type": 58, - "object_pk": "141", - "object_id": 141, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.478223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"141\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.476223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.699Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 195, - "fields": { - "content_type": 58, - "object_pk": "142", - "object_id": 142, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.650223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"142\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", 
\"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.647223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.712Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 196, - "fields": { - "content_type": 58, - "object_pk": "143", - "object_id": 143, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.832223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"143\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** 
e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"134\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.829223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.726Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 197, - "fields": { - "content_type": 58, - "object_pk": "144", - "object_id": 144, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.993223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"144\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], 
\"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE 
Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"25\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.990223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.739Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 198, - "fields": { - "content_type": 58, - "object_pk": "145", - "object_id": 145, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.179223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"145\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.177223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.753Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 199, - "fields": { - "content_type": 58, - "object_pk": "146", - "object_id": 146, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.355223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"146\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"46\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.351223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T16:46:56.766Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 200, - "fields": { - "content_type": 58, - "object_pk": "147", - "object_id": 147, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.525223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"147\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.522223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.780Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 201, - "fields": { - "content_type": 58, - "object_pk": "148", - "object_id": 148, - "object_repr": "Hardcoded password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.692223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"148\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.689223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.793Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 202, - "fields": { - "content_type": 58, - "object_pk": "149", - "object_id": 149, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.867223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"149\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"127\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.864223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.807Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 203, - "fields": { - "content_type": 58, - "object_pk": "150", - "object_id": 150, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.039223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"150\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.036223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.820Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 204, - "fields": { - "content_type": 58, - "object_pk": "151", - "object_id": 151, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.194223\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"151\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 
374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.190223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.835Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 205, - "fields": { - "content_type": 58, - "object_pk": "152", - "object_id": 152, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.361223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"152\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 
29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.358223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.851Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 206, - "fields": { - "content_type": 58, - "object_pk": "153", - "object_id": 153, - "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.549223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"153\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.547223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.866Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 207, - "fields": { - "content_type": 58, - "object_pk": "154", - "object_id": 154, - "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.701223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"154\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", 
\\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.698223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.880Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 208, - "fields": { - "content_type": 58, - "object_pk": "155", - "object_id": 155, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 
09:03:29.850223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"155\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", 
\"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.848223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.895Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 209, - "fields": { - "content_type": 58, - "object_pk": "156", - "object_id": 156, - "object_repr": "Hardcoded password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.992223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"156\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.989223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": 
null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.909Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 210, - "fields": { - "content_type": 58, - "object_pk": "157", - "object_id": 157, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.139223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"157\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) 
request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.136223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.923Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 211, - "fields": { - "content_type": 58, - "object_pk": "158", - "object_id": 158, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.281223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"158\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"10\"], \"numerical_severity\": [\"None\", \"S2\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.279223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.937Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 212, - "fields": { - "content_type": 58, - "object_pk": "159", - "object_id": 159, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.451223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"159\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.448223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.951Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 213, - "fields": { - "content_type": 58, - "object_pk": "160", - "object_id": 160, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.598223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"160\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.594223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.964Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 214, - "fields": { - "content_type": 58, - "object_pk": "161", - "object_id": 161, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.754223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"161\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.751223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.978Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 215, - "fields": { - "content_type": 58, - "object_pk": "162", - "object_id": 162, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.913223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"162\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"280\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.910223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:56.991Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 216, - "fields": { - "content_type": 58, - "object_pk": "163", - "object_id": 163, - "object_repr": "Empty Password In Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:03:31.075223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"163\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": 
[\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.073223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.005Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 217, - "fields": { - "content_type": 58, - "object_pk": "164", - "object_id": 164, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.228223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"164\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.225223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.019Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 218, - "fields": { - "content_type": 58, - "object_pk": "165", - "object_id": 165, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.382223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"165\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line 
Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.379223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.033Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 219, - "fields": { - "content_type": 58, - "object_pk": "166", - "object_id": 166, - "object_repr": "Hardcoded password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.524223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"166\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.520223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.047Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 220, - "fields": { - "content_type": 58, - "object_pk": "167", - "object_id": 167, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.675223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"167\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.672223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.061Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 221, - "fields": { - "content_type": 58, - "object_pk": "168", - "object_id": 168, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.824223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"168\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"130\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.821223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], 
\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.075Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 222, - "fields": { - "content_type": 58, - "object_pk": "169", - "object_id": 169, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.976223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"169\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.973223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.088Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 223, - "fields": { - "content_type": 58, - "object_pk": "170", - "object_id": 170, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.130223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"170\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 
40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.127223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.102Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 224, - "fields": { - "content_type": 58, - "object_pk": "171", - "object_id": 171, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.275223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"171\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": 
[\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.272223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.115Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 225, - "fields": { - "content_type": 58, - "object_pk": "172", - "object_id": 172, - "object_repr": "Hardcoded password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.427223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"172\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.424223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": 
[\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.129Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 226, - "fields": { - "content_type": 58, - "object_pk": "173", - "object_id": 173, - "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.579223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"173\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** 
getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.576223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.144Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 227, - "fields": { - "content_type": 58, - "object_pk": "174", - "object_id": 174, - "object_repr": "Empty Password In Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.750223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"174\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.746223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.158Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 228, - "fields": { - "content_type": 58, - "object_pk": "175", - "object_id": 175, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.910223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"175\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.906223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.172Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 229, - "fields": { - "content_type": 58, - "object_pk": "176", - "object_id": 176, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.073223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"176\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"41\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.071223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.187Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 230, - "fields": { - "content_type": 58, - "object_pk": "177", - "object_id": 177, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.230223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"177\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = 
(String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.227223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.202Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 231, - "fields": { - "content_type": 58, - "object_pk": "178", - "object_id": 178, - "object_repr": "Empty Password In Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": 
[\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.396223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"178\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.392223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.216Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 232, - "fields": { - "content_type": 58, - "object_pk": "179", - "object_id": 179, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.589223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"179\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs 
= stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.583223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.231Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 233, - "fields": { - "content_type": 58, - "object_pk": "180", - "object_id": 180, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.758223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"180\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.755223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.246Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 234, - "fields": { - "content_type": 58, - "object_pk": "181", - "object_id": 181, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.921223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"181\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"75\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.917223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.260Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 235, - "fields": { - "content_type": 58, - "object_pk": "182", - "object_id": 182, - "object_repr": "Hardcoded password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.101223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"182\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 
- Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.096223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"finding_meta\": 
[\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.275Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 236, - "fields": { - "content_type": 58, - "object_pk": "183", - "object_id": 183, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.261223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"183\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source 
Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.258223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.289Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 237, - "fields": { - "content_type": 58, - "object_pk": "184", - "object_id": 184, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.457223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"184\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.454223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.303Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 238, - "fields": { - "content_type": 58, - "object_pk": "185", - "object_id": 185, - "object_repr": "Empty Password In Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.632223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"185\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.627223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.317Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 239, - "fields": { - "content_type": 58, - "object_pk": "186", - "object_id": 186, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.811223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"186\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"8\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.807223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.331Z", - "additional_data": null - } 
-}, -{ - "model": "auditlog.logentry", - "pk": 240, - "fields": { - "content_type": 58, - "object_pk": "187", - "object_id": 187, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.992223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"187\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.989223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.345Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 241, - "fields": { - "content_type": 58, - "object_pk": "188", - "object_id": 188, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.146223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"188\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.143223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.358Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 242, - "fields": { - "content_type": 58, - "object_pk": "189", - "object_id": 189, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.308223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"189\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 
34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.305223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.372Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 243, - "fields": { - "content_type": 58, - "object_pk": "190", - "object_id": 190, - "object_repr": "Empty Password In Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.488223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"190\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], 
\"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.484223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.386Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 244, - "fields": { - "content_type": 58, - "object_pk": "191", - "object_id": 191, - "object_repr": "Hardcoded password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.655223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"191\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.652223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.401Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 245, - "fields": { - "content_type": 58, - "object_pk": "192", - "object_id": 192, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.814223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"192\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** 
comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.811223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.415Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 246, - "fields": { - "content_type": 58, - "object_pk": "193", - "object_id": 193, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.984223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"193\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"38\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.980223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.429Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 247, - "fields": { - "content_type": 58, - "object_pk": "194", - "object_id": 194, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.152223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"194\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.148223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.444Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 248, - "fields": { - "content_type": 58, - "object_pk": "195", - "object_id": 195, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.364223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"195\"], \"title\": 
[\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 
368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.359223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.459Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 249, - "fields": { - "content_type": 58, - "object_pk": "196", - "object_id": 196, - "object_repr": "Empty Password In Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.557223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"196\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.552223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.474Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 250, - "fields": { - "content_type": 58, - "object_pk": "197", - "object_id": 197, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.760223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"197\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 
57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.756223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.488Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 251, - "fields": { - "content_type": 58, - "object_pk": "198", - "object_id": 198, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.944223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"198\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"42\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.938223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.503Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 252, - "fields": { - "content_type": 58, - "object_pk": "199", - "object_id": 199, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.131223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"199\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.127223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", 
\"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.517Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 253, - "fields": { - "content_type": 58, - "object_pk": "200", - "object_id": 200, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.335223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"200\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.333223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.531Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 254, - "fields": { - "content_type": 58, - "object_pk": "201", - "object_id": 201, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.529223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"201\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", 
\"55\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.526223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.548Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 255, - "fields": { - "content_type": 58, - "object_pk": "202", - "object_id": 202, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.704223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"202\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"262\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.701223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.563Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 256, - "fields": { - "content_type": 58, - "object_pk": "203", - "object_id": 203, - "object_repr": "Empty Password In Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.904223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"203\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.900223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.578Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 257, - "fields": { - "content_type": 58, - "object_pk": "204", - "object_id": 204, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.097223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"204\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.093223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.591Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 258, - "fields": { - "content_type": 58, - "object_pk": "205", - "object_id": 205, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.273223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"205\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.265223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.605Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 259, - "fields": { - "content_type": 58, - "object_pk": "206", - "object_id": 206, - "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:03:38.494223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"206\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.480223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.620Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 260, - "fields": { - "content_type": 58, - "object_pk": "207", - "object_id": 207, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.726223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"207\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.720223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.634Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 261, - "fields": { - "content_type": 58, - "object_pk": "208", - "object_id": 208, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.922223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": 
[\"None\", \"208\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.918223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T16:46:57.649Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 262, - "fields": { - "content_type": 58, - "object_pk": "209", - "object_id": 209, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.098223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"209\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"87\"], \"numerical_severity\": [\"None\", \"S2\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.095223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.664Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 263, - "fields": { - "content_type": 58, - "object_pk": "210", - "object_id": 210, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.259223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"210\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE 
Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.256223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.679Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 264, - "fields": { - "content_type": 58, - "object_pk": "211", - "object_id": 211, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.465223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"211\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 
8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.461223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.753Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 265, - "fields": { - "content_type": 58, - "object_pk": "212", - "object_id": 212, - "object_repr": "Client DOM Open Redirect 
(advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.630223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"212\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.627223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.768Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 266, - "fields": { - "content_type": 58, - "object_pk": "213", - "object_id": 213, - "object_repr": "Hardcoded password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.787223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"213\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.784223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.782Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 267, - "fields": { - "content_type": 58, - "object_pk": "214", - "object_id": 214, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.936223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"214\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** 
executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.933223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.796Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 268, - "fields": { - "content_type": 58, - "object_pk": "215", - "object_id": 215, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.133223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"215\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": 
[\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.129223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.811Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 269, - "fields": { - "content_type": 58, - "object_pk": "216", - "object_id": 216, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.291223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"216\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", 
\"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.288223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.825Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 270, - "fields": { - "content_type": 58, - "object_pk": "217", - "object_id": 217, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.455223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"217\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"18\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.452223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.839Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 271, - "fields": { - "content_type": 58, - "object_pk": "218", - "object_id": 218, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.624223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"218\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP 
Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.621223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.854Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 272, - "fields": { - "content_type": 58, - "object_pk": "219", - "object_id": 219, - "object_repr": "Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:03:40.780223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"219\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.777223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.868Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 273, - "fields": { - "content_type": 58, - "object_pk": "220", - "object_id": 220, - "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.990223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"220\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) 
- 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"26\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:03:40.984223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.882Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 274, - "fields": { - "content_type": 58, - "object_pk": "221", - "object_id": 221, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.162223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"221\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.158223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.896Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 275, - "fields": { - "content_type": 58, - "object_pk": "222", - "object_id": 222, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.406223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"222\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"68\"], 
\"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.402223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.910Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 276, - "fields": { - "content_type": 58, - "object_pk": "223", - "object_id": 223, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.600223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"223\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.596223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.924Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 277, - "fields": { - "content_type": 58, - "object_pk": "224", - "object_id": 224, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.772223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"224\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 
357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"7\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.769223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.938Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 278, - "fields": { - "content_type": 58, - "object_pk": "225", - "object_id": 225, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.947223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"225\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.944223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.952Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 279, - "fields": { - "content_type": 58, - "object_pk": "226", - "object_id": 226, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.129223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"226\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 
65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"70\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.126223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.967Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 280, - "fields": { - "content_type": 58, - "object_pk": "227", - "object_id": 227, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.301223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"227\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.296223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", 
\"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.980Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 281, - "fields": { - "content_type": 58, - "object_pk": "228", - "object_id": 228, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.482223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"228\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line 
Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.479223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:57.995Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 282, - "fields": { - "content_type": 58, - "object_pk": "229", - "object_id": 229, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.670223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"229\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + 
productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.667223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.009Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 283, - "fields": { - "content_type": 58, - "object_pk": "230", - 
"object_id": 230, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.875223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"230\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.855223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.023Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 284, - "fields": { - "content_type": 58, - "object_pk": "231", - "object_id": 231, - "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.252223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"231\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - 
Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:03:43.249223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.037Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 285, - "fields": { - "content_type": 58, - "object_pk": "232", - "object_id": 232, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.521223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"232\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:03:43.516223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.051Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 286, - "fields": { - "content_type": 58, - "object_pk": "233", - "object_id": 233, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.816223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"233\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 
141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:43.811223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.066Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 287, - "fields": { - "content_type": 58, - "object_pk": "234", - "object_id": 234, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.090223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"234\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.082223\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.079Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 288, - "fields": { - "content_type": 58, - "object_pk": "235", - "object_id": 235, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.309223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"235\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"65\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.305223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.094Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 289, - "fields": { - "content_type": 58, - "object_pk": "236", - "object_id": 236, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.506223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"236\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.500223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.108Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 290, - "fields": { - "content_type": 58, - "object_pk": "237", - "object_id": 237, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.703223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"237\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.700223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.122Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 291, - "fields": { - "content_type": 58, - "object_pk": "238", - "object_id": 238, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:03:44.936223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"238\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"40\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.930223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.137Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 292, - "fields": { - "content_type": 58, - "object_pk": "239", - "object_id": 239, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.150223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"239\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"58\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.147223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.151Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 293, - "fields": { - "content_type": 58, - "object_pk": "240", - "object_id": 240, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.387223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"240\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", 
\"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.382223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.165Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 294, - "fields": { - "content_type": 58, - "object_pk": "241", - "object_id": 241, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.588223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"241\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"45\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.583223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.179Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 295, - "fields": { - "content_type": 58, - "object_pk": "242", - "object_id": 242, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.816223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"242\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.806223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.194Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 296, - "fields": { - "content_type": 58, - "object_pk": "243", - "object_id": 243, - "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.040223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"243\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"93\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.034223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.208Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 297, - "fields": { - "content_type": 58, - "object_pk": "244", - "object_id": 244, - "object_repr": "Empty Password In Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.325223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"244\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.316223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.222Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 298, - "fields": { - "content_type": 58, - "object_pk": "245", - "object_id": 245, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - 
"serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.571223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"245\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND 
password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + 
rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.567223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.237Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 299, - "fields": { - "content_type": 58, - "object_pk": "246", - "object_id": 246, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.801223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"246\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], 
\"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.793223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.252Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 300, - "fields": { - "content_type": 58, - "object_pk": "247", - "object_id": 247, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.007223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"247\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"3\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.002223\"], \"last_reviewed_by\": [\"None\", 
\"(admin)\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.268Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 301, - "fields": { - "content_type": 58, - "object_pk": "248", - "object_id": 248, - "object_repr": "Hardcoded password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.229223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"248\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.225223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.284Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 302, - "fields": { - "content_type": 58, - "object_pk": "249", - "object_id": 249, - "object_repr": "Hardcoded password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.445223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"249\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.440223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.298Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 303, - "fields": { - "content_type": 58, - "object_pk": "250", - "object_id": 250, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.662223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"250\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.659223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.313Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 304, - "fields": { - "content_type": 58, - "object_pk": "251", - "object_id": 251, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.867223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"251\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"91\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.864223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.331Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 305, - "fields": { - "content_type": 58, - "object_pk": "252", - "object_id": 252, - "object_repr": "Empty Password In Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.018223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", 
\"252\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.015223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.344Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 306, - "fields": { - "content_type": 58, - "object_pk": "253", - "object_id": 253, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.175223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"253\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = 
conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.171223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.358Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 307, - "fields": { - "content_type": 58, - "object_pk": "254", - "object_id": 254, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.382223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"254\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"97\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.378223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.374Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 308, - "fields": { - "content_type": 58, - "object_pk": "255", - "object_id": 255, - "object_repr": "Empty Password In Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.563223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"255\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.560223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.388Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 309, - "fields": { - "content_type": 58, - "object_pk": "256", - "object_id": 256, - "object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.761223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"256\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error 
handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"63\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.755223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.402Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 310, - "fields": { - "content_type": 58, - "object_pk": "257", - "object_id": 257, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.957223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"257\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.954223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.416Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 311, - "fields": { - "content_type": 58, - "object_pk": "258", - "object_id": 258, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.162223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"258\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], 
\"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.157223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.430Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 312, - "fields": { - "content_type": 58, - "object_pk": "259", - "object_id": 259, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.539223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"259\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"35\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.535223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.444Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 313, - "fields": { - "content_type": 58, - "object_pk": "260", - "object_id": 260, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.721223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"260\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"61\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.716223\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.459Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 314, - "fields": { - "content_type": 58, - "object_pk": "261", - "object_id": 261, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.927223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"261\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"99\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.923223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.473Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 315, - "fields": { - "content_type": 58, - "object_pk": "262", - "object_id": 262, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.136223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"262\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"51\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.131223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.486Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 316, - "fields": { - "content_type": 58, - "object_pk": "263", - "object_id": 263, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.351223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"263\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 
10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** 
product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.345223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.501Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 317, - "fields": { - "content_type": 58, - "object_pk": "264", - "object_id": 264, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.575223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"264\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM 
Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.571223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.517Z", - "additional_data": null - } 
-}, -{ - "model": "auditlog.logentry", - "pk": 318, - "fields": { - "content_type": 58, - "object_pk": "265", - "object_id": 265, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.779223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"265\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.772223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.532Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 319, - "fields": { - "content_type": 58, - "object_pk": "266", - "object_id": 266, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.992223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"266\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = 
(String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.988223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.549Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 320, - "fields": { - "content_type": 58, - "object_pk": "267", - "object_id": 267, - "object_repr": "Empty Password In Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.212223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"267\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.206223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.563Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 321, - "fields": { - "content_type": 58, - "object_pk": "268", - "object_id": 268, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.383223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"268\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"98\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.380223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.580Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 322, - "fields": { - "content_type": 58, - "object_pk": "269", - "object_id": 269, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.544223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"269\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site 
Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = 
(String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.541223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"finding_meta\": 
[\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.596Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 323, - "fields": { - "content_type": 58, - "object_pk": "270", - "object_id": 270, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.721223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"270\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], 
\"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.719223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.611Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 324, - "fields": { - "content_type": 58, - "object_pk": "271", - "object_id": 271, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.877223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"271\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"29\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.872223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.626Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 325, - "fields": { - "content_type": 58, - "object_pk": "272", - "object_id": 272, - "object_repr": "Download of Code Without Integrity Check (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.049223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"272\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\\n\\n**Line Number:** 1\\n**Column:** 680\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.046223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.640Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 326, - "fields": { - "content_type": 58, - "object_pk": "273", - "object_id": 273, - "object_repr": "Improper Resource Access Authorization (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.209223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": 
[\"None\", \"273\"], \"title\": [\"None\", \"Improper Resource Access Authorization (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\\n\\n**Line Number:** 
12\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 12\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"12\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.205223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.655Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 327, - "fields": { - "content_type": 58, - "object_pk": "274", - "object_id": 274, - "object_repr": "Use of Cryptographically Weak PRNG (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.388223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"274\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.385223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.669Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 328, - "fields": { - "content_type": 58, - "object_pk": "275", - "object_id": 275, - "object_repr": 
"Improper Resource Shutdown or Release (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.571223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"275\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\\n\\n**Line Number:** 24\\n**Column:** 377\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 398\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 27\\n**Code:** stmt.setString(1, username);\\n-----\\n**Line Number:** 28\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 28\\n**Code:** stmt.setString(2, 
comments);\\n-----\\n**Line Number:** 29\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 29\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.568223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.684Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 329, - "fields": { - "content_type": 58, - "object_pk": "276", - "object_id": 276, - "object_repr": "Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.771223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"276\"], \"title\": [\"None\", \"Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.766223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.700Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 330, - "fields": { - "content_type": 58, - "object_pk": "277", - "object_id": 277, - "object_repr": "Use of Insufficiently Random Values (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.938223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"277\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.933223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.714Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 331, - "fields": { - "content_type": 58, - "object_pk": "278", - "object_id": 278, - "object_repr": "SQL Injection (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-04 09:03:53.124223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"278\"], \"title\": [\"None\", \"SQL Injection (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 
173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:53.121223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.729Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 332, - "fields": { - "content_type": 58, - "object_pk": "279", - "object_id": 279, - "object_repr": "test", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:36:25.003223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"279\"], \"title\": [\"None\", \"test\"], \"date\": [\"None\", \"2021-11-03\"], \"url\": [\"None\", \"No url given\"], \"severity\": 
[\"None\", \"Info\"], \"description\": [\"None\", \"asdf\"], \"mitigation\": [\"None\", \"adf\"], \"impact\": [\"None\", \"asdf\"], \"steps_to_reproduce\": [\"None\", \"\"], \"severity_justification\": [\"None\", \"\"], \"references\": [\"None\", \"No references given\"], \"test\": [\"None\", \"Pen Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.743Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 333, - "fields": { - "content_type": 58, - "object_pk": "280", - "object_id": 280, - "object_repr": "notepad++.exe | CVE-2007-2666", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:44:35.863223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"280\"], \"title\": [\"None\", \"notepad++.exe | CVE-2007-2666\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\\n\\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by 
notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"name: 23961\\nsource: BID\\nurl: http://www.securityfocus.com/bid/23961\\n\\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\\n\\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\\n\\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\nsource: CONFIRM\\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\n\\nname: 3912\\nsource: MILW0RM\\nurl: http://www.milw0rm.com/exploits/3912\\n\\nname: ADV-2007-1794\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1794\\n\\nname: ADV-2007-1867\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1867\\n\\nname: notepadplus-rb-bo(34269)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34269\\n\\nname: scintilla-rb-bo(34372)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34372\\n\\n\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": 
[\"None\", \"2021-11-05 06:44:35.859223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.773Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 334, - "fields": { - "content_type": 58, - "object_pk": "281", - "object_id": 281, - "object_repr": "notepad++.exe | CVE-2008-3436", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:44:36.140223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"281\"], \"title\": [\"None\", \"notepad++.exe | CVE-2008-3436\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-94 Improper Control of Generation of Code ('Code Injection')\\n\\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\\nsource: FULLDISC\\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\\n\\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\nsource: MISC\\nurl: 
http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\n\\n\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:44:36.137223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.791Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 335, - "fields": { - "content_type": 58, - "object_pk": "282", - "object_id": 282, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.484223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"282\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust 
it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\ViewAccountInfo.aspx.cs\\nLine: 22\\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.480223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.807Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 336, - "fields": { - "content_type": 58, - "object_pk": "283", - "object_id": 283, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.676223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"283\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is 
configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Web.config\\nLine: 25\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.674223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.822Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 337, - "fields": { - "content_type": 58, - "object_pk": "284", - "object_id": 284, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.857223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"284\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: 
The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 72\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.854223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.837Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 338, - "fields": { - "content_type": 58, - "object_pk": "285", - "object_id": 285, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.054223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"285\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", 
\"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\StealCookies.aspx.cs\\nLine: 19\\nCodeLine: TODO: Mail the cookie in real time.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.052223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.851Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 339, - "fields": { - "content_type": 58, - "object_pk": "286", - "object_id": 286, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.234223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"286\"], 
\"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\CustomerRepository.cs\\nLine: 41\\nCodeLine: TODO: Add try/catch logic\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.231223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.866Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 340, - "fields": { - "content_type": 58, - "object_pk": "287", - "object_id": 287, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.429223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"287\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\ShipperRepository.cs\\nLine: 37\\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.426223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.880Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 341, - "fields": { - "content_type": 58, - "object_pk": "288", - "object_id": 288, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-05 06:46:07.619223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"288\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\Web.config\\nLine: 6\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.616223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.894Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 342, - "fields": { - "content_type": 58, - "object_pk": "289", - "object_id": 289, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-05 06:46:07.818223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"289\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 58\\nCodeLine: TODO: Put this in try/catch as well\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.815223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.909Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 343, - "fields": { - "content_type": 58, - "object_pk": "290", - "object_id": 290, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - 
"action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.024223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"290\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 145\\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.021223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.923Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 344, - "fields": { - "content_type": 58, - 
"object_pk": "291", - "object_id": 291, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.214223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"291\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Order.cs\\nLine: 27\\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.212223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.938Z", - "additional_data": null - } 
-}, -{ - "model": "auditlog.logentry", - "pk": 345, - "fields": { - "content_type": 58, - "object_pk": "292", - "object_id": 292, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.407223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"292\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\Register.aspx.cs\\nLine: 35\\nCodeLine: Response.Redirect(continueUrl);\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.405223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": 
null, - "timestamp": "2025-01-17T16:46:58.953Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 346, - "fields": { - "content_type": 58, - "object_pk": "293", - "object_id": 293, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.576223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"293\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogResponseRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.574223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.967Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 347, - "fields": { - "content_type": 58, - "object_pk": "294", - "object_id": 294, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.774223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"294\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogEntryRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.770223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.981Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 348, - "fields": { - "content_type": 58, - "object_pk": "295", - "object_id": 295, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.994223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"295\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 25\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.991223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:58.995Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 349, - "fields": { - "content_type": 58, - "object_pk": "296", - "object_id": 296, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.157223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"296\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], 
\"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 16\\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.155223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.011Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 350, - "fields": { - "content_type": 58, - "object_pk": "297", - "object_id": 297, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.337223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"297\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": 
[\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 41\\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.334223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.025Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 351, - "fields": { - "content_type": 58, - "object_pk": "298", - "object_id": 298, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.514223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", 
\"298\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 59\\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.511223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.039Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 352, - "fields": { - "content_type": 58, - "object_pk": "299", - "object_id": 299, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.700223\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"299\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 102\\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.697223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.053Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 353, - "fields": { - "content_type": 58, - "object_pk": "300", - "object_id": 300, - "object_repr": "Password field with autocomplete enabled", - "serialized_data": null, - 
"action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:17.890223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"300\"], \"title\": [\"None\", \"Password field with autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. 
This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.068Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 354, - "fields": { - "content_type": 58, - "object_pk": "301", - "object_id": 301, - "object_repr": "Frameable response (potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.169223\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"301\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. 
By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.082Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 355, - "fields": { - "content_type": 58, - "object_pk": "302", - "object_id": 302, - 
"object_repr": "Cross-site scripting (reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.645223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"302\"], \"title\": [\"None\", \"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. 
For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. 
And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. 
\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.096Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 356, - "fields": { - "content_type": 58, - "object_pk": "303", - "object_id": 303, - "object_repr": "Unencrypted communications", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.860223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"303\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption 
(SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.110Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 357, - "fields": { - "content_type": 58, - "object_pk": "304", - "object_id": 304, - "object_repr": "Password returned in later response", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.072223\"], 
\"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"304\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.124Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 358, - "fields": { - "content_type": 58, - "object_pk": "305", - "object_id": 305, - "object_repr": "Email addresses disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.278223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"305\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the 
response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. 
Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.138Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 359, - "fields": { - "content_type": 58, - "object_pk": "306", - "object_id": 306, - "object_repr": "Cross-site request forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", 
\"2021-11-05 06:47:19.559223\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"306\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.152Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 360, - "fields": { - "content_type": 58, - "object_pk": "307", - "object_id": 307, - "object_repr": "SQL injection", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.783223\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"307\"], \"title\": 
[\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\\n\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.167Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 361, - "fields": { - "content_type": 58, - "object_pk": "308", - "object_id": 308, - "object_repr": "Path-relative style sheet import", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:20.049223\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"308\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": [\"None\", \"2021-11-03\"], 
\"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.182Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 362, - "fields": { - "content_type": 58, - "object_pk": "309", - "object_id": 309, - "object_repr": "Cleartext submission of password", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:20.461223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"309\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text 
HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.198Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 363, - "fields": { - "content_type": 58, - "object_pk": "310", - "object_id": 310, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.067223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"310\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 59\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(notFound)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.064223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.212Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 364, - "fields": { - "content_type": 58, - "object_pk": "311", - "object_id": 311, - "object_repr": "this method will not auto-escape HTML. 
Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.320223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"311\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 58\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.317223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.225Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 365, - "fields": { - 
"content_type": 58, - "object_pk": "312", - "object_id": 312, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.592223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"312\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 165\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.590223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.240Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 
366, - "fields": { - "content_type": 58, - "object_pk": "313", - "object_id": 313, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.815223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"313\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 82\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.813223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.254Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - 
"pk": 367, - "fields": { - "content_type": 58, - "object_pk": "314", - "object_id": 314, - "object_repr": "SQL string formatting-G201", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.003223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"314\"], \"title\": [\"None\", \"SQL string formatting-G201\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\\nLine number: 36-39\\nIssue Confidence: HIGH\\n\\nCode:\\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \\n\\t\\t\\t\\t\\t\\t\\t\\tFROM Profile as p,Users as u \\n\\t\\t\\t\\t\\t\\t\\t\\twhere p.user_id = u.id \\n\\t\\t\\t\\t\\t\\t\\t\\tand u.id=%s`,uid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.000223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/sqli/function.go\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.269Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 368, - "fields": { - "content_type": 58, - "object_pk": "315", - "object_id": 315, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.202223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"315\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.199223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": 
[\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.283Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 369, - "fields": { - "content_type": 58, - "object_pk": "316", - "object_id": 316, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.412223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"316\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 124\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.409223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": 
[\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.296Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 370, - "fields": { - "content_type": 58, - "object_pk": "317", - "object_id": 317, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.621223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"317\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 63\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.618223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.310Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 371, - "fields": { - "content_type": 58, - "object_pk": "318", - "object_id": 318, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.850223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"318\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 164\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.848223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.324Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 372, - "fields": { - "content_type": 58, - "object_pk": "319", - "object_id": 319, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.057223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"319\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 160\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.054223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.337Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 373, - "fields": { - "content_type": 58, - "object_pk": "320", - "object_id": 320, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.248223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"320\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 35\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write(b)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.246223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.351Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 374, - "fields": { - "content_type": 58, - "object_pk": "321", - "object_id": 321, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.441223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"321\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 70\\nIssue Confidence: HIGH\\n\\nCode:\\nsqlmapDetected, _ := regexp.MatchString(\\\"sqlmap*\\\", userAgent)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.438223\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.364Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 375, - "fields": { - "content_type": 58, - "object_pk": "322", - "object_id": 322, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.634223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"322\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 73\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write([]byte(\\\"Forbidden\\\"))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 
07:07:20.631223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.378Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 376, - "fields": { - "content_type": 58, - "object_pk": "323", - "object_id": 323, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.811223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"323\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/app.go\\nLine number: 79\\nIssue Confidence: HIGH\\n\\nCode:\\ns.ListenAndServe()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 
07:07:20.808223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/app.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.392Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 377, - "fields": { - "content_type": 58, - "object_pk": "324", - "object_id": 324, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.004223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"324\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 62\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.002223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.405Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 378, - "fields": { - "content_type": 58, - "object_pk": "325", - "object_id": 325, - "object_repr": "this method will not auto-escape HTML. 
Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.191223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"325\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 63\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(vuln)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.189223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.419Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 379, - "fields": { - 
"content_type": 58, - "object_pk": "326", - "object_id": 326, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.369223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"326\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 66\\nIssue Confidence: HIGH\\n\\nCode:\\n_ = db.QueryRow(sql).Scan(&version)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.366223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.432Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 380, - 
"fields": { - "content_type": 58, - "object_pk": "327", - "object_id": 327, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.561223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"327\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 64\\nIssue Confidence: HIGH\\n\\nCode:\\ndb,_ := database.Connect()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.559223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.445Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 381, 
- "fields": { - "content_type": 58, - "object_pk": "328", - "object_id": 328, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.744223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"328\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 62\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.741223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.460Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 382, - "fields": { - "content_type": 58, - "object_pk": "329", - "object_id": 329, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.930223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"329\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 7\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.928223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-17T16:46:59.474Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 383, - "fields": { - "content_type": 58, - "object_pk": "330", - "object_id": 330, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.124223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"330\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.121223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.487Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 384, - "fields": { - "content_type": 58, - "object_pk": "331", - "object_id": 331, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.308223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"331\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/cookie.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\ncookie, _ := r.Cookie(name)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.306223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/cookie.go\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.501Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 385, - "fields": { - "content_type": 58, - "object_pk": "332", - "object_id": 332, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.551223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"332\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.548223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], 
\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.516Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 386, - "fields": { - "content_type": 58, - "object_pk": "333", - "object_id": 333, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.773223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"333\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 100\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(inlineJS)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.771223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"finding_meta\": 
[\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.529Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 387, - "fields": { - "content_type": 58, - "object_pk": "334", - "object_id": 334, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.989223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"334\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 61\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.986223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.544Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 388, - "fields": { - "content_type": 58, - "object_pk": "335", - "object_id": 335, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.204223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"335\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 161\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:23.200223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", 
\"27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.568Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 389, - "fields": { - "content_type": 58, - "object_pk": "336", - "object_id": 336, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.489223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"336\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 41\\nIssue Confidence: HIGH\\n\\nCode:\\ntemplate.ExecuteTemplate(w, name, data)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:23.486223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": 
[\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.587Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 390, - "fields": { - "content_type": 58, - "object_pk": "337", - "object_id": 337, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.721223\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"337\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 45\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(text)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:23.717223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.604Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 391, - "fields": { - "content_type": 58, - "object_pk": "338", - "object_id": 338, - "object_repr": "Password field with autocomplete enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:05.946223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"338\"], \"title\": [\"None\", \"Password field with autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. 
If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:05.943223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.621Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 392, - "fields": { - "content_type": 58, - "object_pk": "339", - "object_id": 339, - "object_repr": "Frameable response (potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:06.237223\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": 
[\"None\", \"339\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. 
By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:06.233223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.636Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 393, - "fields": { - "content_type": 58, - "object_pk": "340", - "object_id": 340, - 
"object_repr": "Cross-site scripting (reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:06.742223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"340\"], \"title\": [\"None\", \"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. 
For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. 
And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. 
\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:06.738223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.651Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 394, - "fields": { - "content_type": 58, - "object_pk": "341", - "object_id": 341, - "object_repr": "Unencrypted communications", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.038223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"341\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption 
(SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.036223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.669Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 395, - "fields": { - "content_type": 58, - "object_pk": "342", - "object_id": 342, - "object_repr": "Password returned in later response", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.297223\"], 
\"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"342\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.294223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.687Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 396, - "fields": { - "content_type": 58, - "object_pk": "343", - "object_id": 343, - "object_repr": "Email addresses disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.547223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"343\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the 
response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. 
Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.545223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.705Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 397, - "fields": { - "content_type": 58, - "object_pk": "344", - "object_id": 344, - "object_repr": "Cross-site request forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", 
\"2021-11-05 10:43:07.888223\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"344\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.885223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.722Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 398, - "fields": { - "content_type": 58, - "object_pk": "345", - "object_id": 345, - "object_repr": "SQL injection", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.144223\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"345\"], \"title\": 
[\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\\n\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.140223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.739Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 399, - "fields": { - "content_type": 58, - "object_pk": "346", - "object_id": 346, - "object_repr": "Path-relative style sheet import", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.440223\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"346\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": [\"None\", \"2021-11-03\"], 
\"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.437223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.756Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 400, - "fields": { - "content_type": 58, - "object_pk": "347", - "object_id": 347, - "object_repr": "Cleartext submission of password", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.906223\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"347\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text 
HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.902223\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.781Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 401, - "fields": { - "content_type": 63, - "object_pk": "1", - "object_id": 1, - "object_repr": "XSS template", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"1\"], \"title\": [\"None\", \"XSS template\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"XSS test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.798Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 402, - "fields": { - "content_type": 63, - "object_pk": "2", - "object_id": 2, - "object_repr": 
"SQLi template", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"2\"], \"title\": [\"None\", \"SQLi template\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"SQLi test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.804Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 403, - "fields": { - "content_type": 63, - "object_pk": "3", - "object_id": 3, - "object_repr": "CSRF template", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"3\"], \"title\": [\"None\", \"CSRF template\"], \"severity\": [\"None\", \"MEDIUM\"], \"description\": [\"None\", \"CSRF test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.811Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 404, - "fields": { - "content_type": 67, - "object_pk": "1", - "object_id": 1, - "object_repr": "Simple Builtin Risk Acceptance", - "serialized_data": null, - "action": 0, - "changes": "{\"name\": [\"None\", \"Simple Builtin Risk Acceptance\"], \"recommendation\": [\"None\", \"F\"], \"decision\": [\"None\", \"A\"], \"decision_details\": [\"None\", \"These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. 
Unaccept and use full risk acceptance if you need to have more control over those fields.\"], \"path\": [\"None\", \"\"], \"owner\": [\"None\", \"(admin)\"], \"reactivate_expired\": [\"None\", \"True\"], \"restart_sla_expired\": [\"None\", \"False\"], \"created\": [\"None\", \"2024-01-29 15:35:18.089223\"], \"updated\": [\"None\", \"2024-01-29 15:35:18.089223\"], \"id\": [\"None\", \"1\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:46:59.898Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 803, - "fields": { - "content_type": 28, - "object_pk": "1", - "object_id": 1, - "object_repr": "BodgeIt", - "serialized_data": null, - "action": 0, - "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"1\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.490Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 804, - "fields": { - "content_type": 28, - "object_pk": "2", - "object_id": 2, - "object_repr": "Internal CRM App", - "serialized_data": null, - "action": 0, - "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", \"(product_manager)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"2\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"medium\"], 
\"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.613Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 805, - "fields": { - "content_type": 28, - "object_pk": "3", - "object_id": 3, - "object_repr": "Apple Accounting Software", - "serialized_data": null, - "action": 0, - "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"id\": [\"None\", \"3\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.640Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 806, - "fields": { - "content_type": 38, - "object_pk": "1", - "object_id": 1, - "object_repr": "Engagement: 1st Quarter Engagement (Jun 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"1st Quarter Engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"lead\": [\"None\", \"product_manager\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.733Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 807, - "fields": { - "content_type": 38, - "object_pk": "2", - "object_id": 2, - "object_repr": "Engagement: April Monthly Engagement (Jun 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"April Monthly Engagement\"], \"description\": [\"None\", \"Requested by the team for regular manual checkup by the security team.\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": 
[\"None\", \"2021-11-03 16:53:40.301000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.791Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 808, - "fields": { - "content_type": 38, - "object_pk": "3", - "object_id": 3, - "object_repr": "Engagement: weekly engagement (Jun 21, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"weekly engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-21\"], \"target_end\": [\"None\", \"2021-06-22\"], \"lead\": [\"None\", \"product_manager\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"3\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.848Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 809, - "fields": { - "content_type": 38, - "object_pk": "4", - "object_id": 4, - "object_repr": "Engagement: Static Scan (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Static Scan\"], \"description\": [\"None\", \"Initial static scan for Bodgeit.\"], \"version\": [\"None\", \"v.1.2.0\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-10\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 16:52:49.157000\"], \"created\": [\"None\", \"2021-11-03 16:38:51.078000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"4\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.907Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 810, - "fields": { - "content_type": 38, - "object_pk": "6", - "object_id": 6, - "object_repr": "Engagement: Quarterly PCI Scan (Jan 19, 2022)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Quarterly PCI Scan\"], \"description\": [\"None\", \"Reccuring Quarterly Scan\"], \"target_start\": [\"None\", \"2022-01-19\"], \"target_end\": [\"None\", \"2022-01-26\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 
17:04:37.770000\"], \"created\": [\"None\", \"2021-11-03 17:03:19.811000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"6\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.966Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 811, - "fields": { - "content_type": 38, - "object_pk": "7", - "object_id": 7, - "object_repr": "Engagement: Ad Hoc Engagement (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Ad Hoc Engagement\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-03\"], \"product\": [\"None\", \"Internal CRM App\"], \"updated\": [\"None\", \"2021-11-03 17:14:05.567000\"], \"created\": [\"None\", \"2021-11-03 17:14:05.567000\"], \"active\": [\"None\", \"False\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"7\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.031Z", - "additional_data": 
null - } -}, -{ - "model": "auditlog.logentry", - "pk": 812, - "fields": { - "content_type": 38, - "object_pk": "8", - "object_id": 8, - "object_repr": "Engagement: Initial Assessment (Dec 20, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Initial Assessment\"], \"description\": [\"None\", \"This application needs to be assesed to determine the security posture.\"], \"version\": [\"None\", \"10.2.1\"], \"target_start\": [\"None\", \"2021-12-20\"], \"target_end\": [\"None\", \"2021-12-27\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"Apple Accounting Software\"], \"updated\": [\"None\", \"2021-11-03 17:22:19.912000\"], \"created\": [\"None\", \"2021-11-03 17:20:41.547000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"8\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.084Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 813, - "fields": { - "content_type": 38, - "object_pk": "10", - "object_id": 10, - "object_repr": "Engagement: Multiple scanners (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Multiple scanners\"], \"description\": [\"None\", \"Example engagement with multiple scan types.\"], \"version\": [\"None\", \"1.2.1\"], \"target_start\": [\"None\", \"2021-11-04\"], 
\"target_end\": [\"None\", \"2021-11-04\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:27:29.906000\"], \"created\": [\"None\", \"2021-11-04 14:22:26.204000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"10\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.144Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 814, - "fields": { - "content_type": 38, - "object_pk": "11", - "object_id": 11, - "object_repr": "Engagement: Manual PenTest (Dec 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Manual PenTest\"], \"description\": [\"None\", \"Please do a manual pentest before our next release to prod.\"], \"version\": [\"None\", \"1.9.1\"], \"target_start\": [\"None\", \"2021-12-30\"], \"target_end\": [\"None\", \"2022-01-02\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:33:33.053000\"], \"created\": [\"None\", \"2021-11-04 14:32:02.311000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Blocked\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": 
[\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"11\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.216Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 815, - "fields": { - "content_type": 38, - "object_pk": "12", - "object_id": 12, - "object_repr": "Engagement: CI/CD Baseline Security Test (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"CI/CD Baseline Security Test\"], \"description\": [\"None\", \"\"], \"version\": [\"None\", \"1.1.2\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-11\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:45:34.557000\"], \"created\": [\"None\", \"2021-11-04 14:44:16.567000\"], \"active\": [\"None\", \"False\"], \"tracker\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"CI/CD\"], \"build_id\": [\"None\", \"89\"], \"commit_hash\": [\"None\", \"b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6\"], \"branch_tag\": [\"None\", \"master\"], \"source_code_management_uri\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"12\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:05.275Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 816, - "fields": { - "content_type": 38, - "object_pk": "13", - "object_id": 13, - "object_repr": "Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"AdHoc Import - Fri, 17 Aug 2018 18:20:55\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 18:20:55.877000\"], \"created\": [\"None\", \"2021-11-04 18:20:55.877000\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"13\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.336Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 817, - "fields": { - "content_type": 43, - "object_pk": "1", - "object_id": 1, - "object_repr": "http://127.0.0.1//endpoint/420/edit/", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"80\"], \"path\": [\"None\", \"/endpoint/420/edit/\"], \"product\": [\"None\", \"Internal CRM App\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-09T17:47:05.366Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 818, - "fields": { - "content_type": 43, - "object_pk": "2", - "object_id": 2, - "object_repr": "ftp://localhost//", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"ftp\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"21\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.389Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 819, - "fields": { - "content_type": 43, - "object_pk": "3", - "object_id": 3, - "object_repr": "ssh://127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"3\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"ssh\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"22\"], \"product\": [\"None\", \"Apple Accounting Software\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.409Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 820, - "fields": { - "content_type": 43, - "object_pk": "4", - "object_id": 4, - "object_repr": "http://localhost:8888//bodgeit/login.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"4\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], 
\"path\": [\"None\", \"/bodgeit/login.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.429Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 821, - "fields": { - "content_type": 43, - "object_pk": "5", - "object_id": 5, - "object_repr": "127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"5\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"host\": [\"None\", \"127.0.0.1\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.449Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 822, - "fields": { - "content_type": 43, - "object_pk": "6", - "object_id": 6, - "object_repr": "http://localhost:8888//bodgeit/register.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"6\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/register.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.469Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 823, - "fields": { - "content_type": 43, - "object_pk": "7", - "object_id": 7, - "object_repr": "http://localhost:8888//bodgeit/password.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"7\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], 
\"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/password.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.491Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 824, - "fields": { - "content_type": 43, - "object_pk": "8", - "object_id": 8, - "object_repr": "http://localhost:8888//bodgeit/", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"8\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.512Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 825, - "fields": { - "content_type": 43, - "object_pk": "9", - "object_id": 9, - "object_repr": "http://localhost:8888//bodgeit/basket.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"9\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/basket.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.533Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 826, - "fields": { - "content_type": 43, - "object_pk": "10", - "object_id": 10, - "object_repr": "http://localhost:8888//bodgeit/advanced.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", 
\"False\"], \"id\": [\"None\", \"10\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/advanced.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.556Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 827, - "fields": { - "content_type": 43, - "object_pk": "11", - "object_id": 11, - "object_repr": "http://localhost:8888//bodgeit/admin.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"11\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/admin.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 828, - "fields": { - "content_type": 43, - "object_pk": "12", - "object_id": 12, - "object_repr": "http://localhost:8888//bodgeit/about.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"12\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/about.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.596Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 829, - "fields": 
{ - "content_type": 43, - "object_pk": "13", - "object_id": 13, - "object_repr": "http://localhost:8888//bodgeit/contact.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"13\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/contact.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.617Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 830, - "fields": { - "content_type": 43, - "object_pk": "14", - "object_id": 14, - "object_repr": "http://localhost:8888//bodgeit/home.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"14\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/home.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.636Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 831, - "fields": { - "content_type": 43, - "object_pk": "15", - "object_id": 15, - "object_repr": "http://localhost:8888//bodgeit/product.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"15\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/product.jsp\"], 
\"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.657Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 832, - "fields": { - "content_type": 43, - "object_pk": "16", - "object_id": 16, - "object_repr": "http://localhost:8888//bodgeit/score.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"16\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/score.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.676Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 833, - "fields": { - "content_type": 43, - "object_pk": "17", - "object_id": 17, - "object_repr": "http://localhost:8888//bodgeit/search.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"17\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/search.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.696Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 834, - "fields": { - "content_type": 43, - "object_pk": "18", - "object_id": 18, - "object_repr": "http://localhost:8888//", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"18\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": 
[\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.715Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 835, - "fields": { - "content_type": 43, - "object_pk": "19", - "object_id": 19, - "object_repr": "http://localhost:8888//bodgeit/logout.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"19\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/logout.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.737Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 836, - "fields": { - "content_type": 50, - "object_pk": "3", - "object_id": 3, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"00:00:00\"], \"actual_time\": [\"None\", \"00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"3\"], \"engagement\": [\"None\", \"Engagement: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.775Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 837, - "fields": { - "content_type": 50, - "object_pk": "13", - "object_id": 
13, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-03-21 01:00:00\"], \"target_end\": [\"None\", \"2021-03-22 01:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"13\"], \"engagement\": [\"None\", \"Engagement: April Monthly Engagement (Jun 30, 2021)\"], \"lead\": [\"None\", \"product_manager\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.802Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 838, - "fields": { - "content_type": 50, - "object_pk": "14", - "object_id": 14, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"02:00:00\"], \"actual_time\": [\"None\", \"00:30:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"14\"], \"engagement\": [\"None\", \"Engagement: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.826Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 839, - "fields": { - "content_type": 50, - "object_pk": "15", - "object_id": 15, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-03 16:39:20.994000\"], \"created\": [\"None\", \"2021-11-03 16:39:20.994000\"], \"test\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"15\"], \"engagement\": [\"None\", \"Engagement: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Checkmarx Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.852Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 840, - "fields": { - "content_type": 50, - "object_pk": "16", - "object_id": 16, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-03 16:41:15.570000\"], \"created\": [\"None\", \"2021-11-03 16:41:15.570000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"16\"], \"engagement\": [\"None\", \"Engagement: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Checkmarx Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.878Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 841, - "fields": { - "content_type": 50, - "object_pk": "18", - "object_id": 18, - "object_repr": "Qualys Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2022-01-19 00:00:00\"], \"target_end\": [\"None\", \"2022-01-24 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:04:24.434000\"], \"created\": [\"None\", \"2021-11-03 17:03:36.758000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"18\"], \"engagement\": [\"None\", \"Engagement: Quarterly PCI Scan (Jan 19, 2022)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Qualys Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:05.903Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 842, - "fields": { - "content_type": 50, - "object_pk": "19", - "object_id": 19, - "object_repr": "Pen Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"target_end\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"updated\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"created\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"19\"], \"engagement\": [\"None\", \"Engagement: Ad Hoc Engagement (Nov 03, 2021)\"], \"test_type\": [\"None\", \"Pen Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.926Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 843, - "fields": { - "content_type": 50, - "object_pk": "20", - "object_id": 20, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:20:59.532000\"], \"created\": [\"None\", \"2021-11-03 17:20:59.532000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"20\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.951Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 844, - "fields": { - "content_type": 50, - "object_pk": "21", - "object_id": 21, - "object_repr": "Nmap Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", 
\"Staging\"], \"updated\": [\"None\", \"2021-11-03 17:21:13.841000\"], \"created\": [\"None\", \"2021-11-03 17:21:13.841000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"21\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Nmap Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.977Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 845, - "fields": { - "content_type": 50, - "object_pk": "22", - "object_id": 22, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:21:32.142000\"], \"created\": [\"None\", \"2021-11-03 17:21:32.142000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"22\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Dependency Check Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.004Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 846, - "fields": { - "content_type": 50, - "object_pk": "23", - "object_id": 23, - "object_repr": "ZAP Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:21:52.246000\"], \"created\": [\"None\", \"2021-11-03 17:21:52.246000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"23\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], 
\"test_type\": [\"None\", \"ZAP Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.031Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 847, - "fields": { - "content_type": 50, - "object_pk": "25", - "object_id": 25, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:22:26.245000\"], \"created\": [\"None\", \"2021-11-04 14:22:26.245000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"25\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Dependency Check Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.052Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 848, - "fields": { - "content_type": 50, - "object_pk": "26", - "object_id": 26, - "object_repr": "VCG Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:23:56.881000\"], \"created\": [\"None\", \"2021-11-04 14:23:56.881000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"26\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"VCG Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.075Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 849, - "fields": { - 
"content_type": 50, - "object_pk": "28", - "object_id": 28, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:25:07.948000\"], \"created\": [\"None\", \"2021-11-04 14:25:07.949000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"28\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Burp Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.102Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 850, - "fields": { - "content_type": 50, - "object_pk": "29", - "object_id": 29, - "object_repr": "Manual Code Review", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 14:32:14.420000\"], \"created\": [\"None\", \"2021-11-04 14:32:14.420000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"29\"], \"engagement\": [\"None\", \"Engagement: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Manual Code Review\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.127Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 851, - "fields": { - "content_type": 50, - "object_pk": "30", - "object_id": 30, - "object_repr": "Pen Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", 
\"Pre-prod\"], \"updated\": [\"None\", \"2021-11-04 14:32:25.930000\"], \"created\": [\"None\", \"2021-11-04 14:32:25.930000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"30\"], \"engagement\": [\"None\", \"Engagement: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Pen Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.153Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 852, - "fields": { - "content_type": 50, - "object_pk": "31", - "object_id": 31, - "object_repr": "Gosec Scanner", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:45:08.465000\"], \"created\": [\"None\", \"2021-11-04 14:45:08.465000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"31\"], \"engagement\": [\"None\", \"Engagement: CI/CD Baseline Security Test (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Gosec Scanner\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.178Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 853, - "fields": { - "content_type": 50, - "object_pk": "32", - "object_id": 32, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 18:20:55.916000\"], \"created\": [\"None\", \"2021-11-04 18:20:55.916000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"32\"], \"engagement\": [\"None\", 
\"Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Burp Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.204Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 854, - "fields": { - "content_type": 54, - "object_pk": "2", - "object_id": 2, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"2\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.239Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 855, - "fields": { - "content_type": 54, - "object_pk": "3", - "object_id": 3, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"3\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.282Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 856, - "fields": { - "content_type": 54, - "object_pk": "4", - "object_id": 4, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"4\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.325Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 857, - "fields": { - "content_type": 54, - "object_pk": "5", - "object_id": 5, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], 
\"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"5\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.367Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 858, - "fields": { - "content_type": 54, - "object_pk": "6", - "object_id": 6, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"6\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.407Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 859, - "fields": { - "content_type": 54, - "object_pk": "7", - "object_id": 7, - "object_repr": "DUMMY FINDING", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"DUMMY FINDING\"], \"date\": [\"None\", \"2021-03-20\"], \"cwe\": [\"None\", \"1\"], \"url\": [\"None\", \"http://www.example.com\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"TEST finding\"], \"mitigation\": [\"None\", \"MITIGATION\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"7\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", 
\"(product_manager)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(product_manager)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"1\"], \"reporter\": [\"None\", \"product_manager\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0\"], \"line\": [\"None\", \"100\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.448Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 860, - "fields": { - "content_type": 54, - "object_pk": "8", - "object_id": 8, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String 
password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"8\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.018000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:39:23.021000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.494Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 861, - "fields": { - "content_type": 54, - "object_pk": "9", - "object_id": 9, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"9\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.194000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": 
[\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.200000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.537Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 862, - "fields": { - "content_type": 54, - "object_pk": "10", - "object_id": 10, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"10\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.376000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.379000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 863, - "fields": { - "content_type": 54, - "object_pk": "11", - "object_id": 11, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line 
Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"11\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.553000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.617Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 864, - "fields": { - "content_type": 54, - "object_pk": "12", - "object_id": 12, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", 
\"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + 
\\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"12\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.696000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.699000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.663Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 865, - "fields": { - "content_type": 54, - "object_pk": "13", - "object_id": 13, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"13\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.866000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.869000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.707Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 866, - "fields": { - "content_type": 54, - "object_pk": "14", - "object_id": 14, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"14\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.030000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:39:24.033000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.748Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 867, - "fields": { - "content_type": 54, - "object_pk": "15", - "object_id": 15, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"15\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.182000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.186000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.789Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 868, - "fields": { - "content_type": 54, - "object_pk": "16", - "object_id": 16, - "object_repr": "Hardcoded password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - 
Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"16\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.333000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.336000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.832Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 869, - "fields": { - "content_type": 54, - "object_pk": "17", - "object_id": 17, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"17\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.487000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.491000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.874Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 870, - "fields": { - "content_type": 54, - "object_pk": "18", - "object_id": 18, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"18\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.640000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.915Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 871, - "fields": { - "content_type": 54, - "object_pk": "19", - "object_id": 19, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** 
executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"19\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.801000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.804000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.962Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 872, - "fields": { - "content_type": 54, - "object_pk": "20", - "object_id": 20, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 
29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"20\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.958000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.961000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.005Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 873, - "fields": { - "content_type": 54, - "object_pk": "21", - 
"object_id": 21, - "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"21\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.130000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.133000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.046Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 874, - "fields": { - "content_type": 54, - "object_pk": "22", - "object_id": 22, - "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", 
\\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"22\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.292000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.296000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.085Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 875, - "fields": { - "content_type": 54, - "object_pk": "23", - "object_id": 23, - "object_repr": "Stored Boundary Violation (login.jsp)", - 
"serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"23\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", 
\"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.468000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.471000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.129Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 876, - "fields": { - "content_type": 54, - "object_pk": "24", - "object_id": 24, - "object_repr": "Hardcoded password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"24\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-03 16:39:25.662000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.170Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 877, - "fields": { - "content_type": 54, - "object_pk": "25", - "object_id": 25, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) 
request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"25\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.816000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.819000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.212Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 878, - "fields": { - "content_type": 54, - "object_pk": "26", - "object_id": 26, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"26\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.992000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.994000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.256Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 879, - "fields": { - "content_type": 54, - "object_pk": "27", - "object_id": 27, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"27\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.155000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.160000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.301Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 880, - "fields": { - "content_type": 54, - "object_pk": "28", - "object_id": 28, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"28\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.331000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.335000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.421Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 881, - "fields": { - "content_type": 54, - "object_pk": "29", - "object_id": 29, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": 
[\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"29\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.578000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.582000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.463Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 882, - "fields": { - "content_type": 54, - "object_pk": "30", - "object_id": 30, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"30\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.825000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.828000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.505Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 883, - "fields": { - "content_type": 54, - "object_pk": "31", - "object_id": 31, - "object_repr": "Empty Password In Connection String (product.jsp)", - 
"serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"31\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.017000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 884, - "fields": { - "content_type": 54, - "object_pk": "32", - "object_id": 32, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 
- Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"32\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.208000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.212000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.594Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 885, - "fields": { - "content_type": 54, - "object_pk": "33", - "object_id": 33, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line 
Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"33\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.403000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.407000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.639Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 886, - "fields": { - "content_type": 54, - "object_pk": "34", - "object_id": 34, - "object_repr": "Hardcoded password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", 
\"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"34\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.642000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.684Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 887, - "fields": { - "content_type": 54, - "object_pk": "35", - "object_id": 35, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"35\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.922000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.926000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.727Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 888, - "fields": { - "content_type": 54, - "object_pk": "36", - "object_id": 36, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"36\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.129000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.133000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.761Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 889, - "fields": { - "content_type": 54, - "object_pk": "37", - "object_id": 37, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"37\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.322000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.325000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.801Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 890, - "fields": { - "content_type": 54, - "object_pk": "38", - "object_id": 38, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line 
Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"38\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.510000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.514000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.841Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 891, - "fields": { - "content_type": 54, - "object_pk": "39", - "object_id": 39, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"39\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.708000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.712000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.882Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 892, - "fields": { - "content_type": 54, - "object_pk": "40", - "object_id": 40, - "object_repr": "Hardcoded password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"40\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.926000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.930000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.923Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 893, - "fields": { - "content_type": 54, - "object_pk": "41", - "object_id": 41, - "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ 
page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"41\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.121000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.125000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.966Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 894, - "fields": { - "content_type": 54, - "object_pk": "42", - "object_id": 42, - "object_repr": "Empty Password In Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"42\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.322000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:39:29.326000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.010Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 895, - "fields": { - "content_type": 54, - "object_pk": "43", - "object_id": 43, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"43\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.533000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.538000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.050Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 896, - "fields": { - "content_type": 54, - "object_pk": "44", - "object_id": 44, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"44\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.726000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.729000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.091Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 897, - "fields": { - "content_type": 54, - "object_pk": "45", - "object_id": 45, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = 
(String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"45\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.875000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.879000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.133Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 898, - "fields": { - "content_type": 54, - "object_pk": "46", - "object_id": 46, - "object_repr": 
"Empty Password In Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"46\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.044000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.047000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.175Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 899, - "fields": { - "content_type": 54, - "object_pk": "47", - "object_id": 47, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = 
stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"47\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.240000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.245000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.218Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 900, - "fields": { - "content_type": 54, - "object_pk": "48", - "object_id": 48, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"48\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.432000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.436000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.262Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 901, - "fields": { - "content_type": 54, - "object_pk": "49", - "object_id": 49, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"49\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.604000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.607000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.303Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 902, - "fields": { - "content_type": 54, - "object_pk": "50", - "object_id": 50, - "object_repr": "Hardcoded password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - 
Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"50\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.782000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.786000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.345Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 903, - "fields": { - "content_type": 54, - "object_pk": "51", - "object_id": 51, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 
16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"51\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.966000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"line\": [\"None\", \"21\"], \"file_path\": 
[\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.970000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.392Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 904, - "fields": { - "content_type": 54, - "object_pk": "52", - "object_id": 52, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"52\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": 
[\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.141000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.146000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.426Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 905, - "fields": { - "content_type": 54, - "object_pk": "53", - "object_id": 53, - "object_repr": "Empty Password In Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"53\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.296000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.300000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.468Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 906, - "fields": { - "content_type": 54, - "object_pk": "54", - "object_id": 54, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"54\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.450000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.453000\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.512Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 907, - "fields": { - "content_type": 54, - "object_pk": "55", - "object_id": 55, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"55\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], 
\"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.606000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.609000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 908, - "fields": { - "content_type": 54, - "object_pk": "56", - "object_id": 56, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"56\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-03 16:39:31.763000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.766000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.593Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 909, - "fields": { - "content_type": 54, - "object_pk": "57", - "object_id": 57, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 
34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"57\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.922000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.925000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.641Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 910, - "fields": { - "content_type": 54, - "object_pk": "58", - "object_id": 58, - "object_repr": "Empty Password In Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 
1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"58\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.098000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.100000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 911, - "fields": { - "content_type": 54, - "object_pk": "59", - "object_id": 59, - "object_repr": "Hardcoded password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"59\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:39:32.248000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.251000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.729Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 912, - "fields": { - "content_type": 54, - "object_pk": "60", - "object_id": 60, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** 
comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"60\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.401000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.403000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.771Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 913, - "fields": { - "content_type": 54, - "object_pk": "61", - "object_id": 61, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"61\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.561000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.817Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 914, - "fields": { - "content_type": 54, - "object_pk": "62", - "object_id": 62, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"62\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.729000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.733000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.859Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 915, - "fields": { - "content_type": 54, - "object_pk": "63", - "object_id": 63, - 
"object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 
26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"63\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.884000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.888000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.900Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 916, - "fields": { - "content_type": 54, - "object_pk": "64", - "object_id": 64, - "object_repr": "Empty Password In Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", 
\"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"64\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.048000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.051000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.941Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 917, - "fields": { - "content_type": 54, - "object_pk": "65", - "object_id": 65, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 
57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"65\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.224000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.227000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.984Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 918, - "fields": { - "content_type": 54, - "object_pk": "66", - "object_id": 66, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"66\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.384000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.387000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.028Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 919, - "fields": { - "content_type": 54, - "object_pk": "67", - "object_id": 67, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"67\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.543000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"line\": [\"None\", \"1\"], 
\"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.546000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.067Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 920, - "fields": { - "content_type": 54, - "object_pk": "68", - "object_id": 68, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"68\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.698000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.700000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.108Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 921, - "fields": { - "content_type": 54, - "object_pk": "69", - "object_id": 69, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"69\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.859000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.862000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.150Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 922, - "fields": { - "content_type": 54, - "object_pk": "70", - "object_id": 70, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"70\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx 
Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.023000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.026000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.196Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 923, - "fields": { - "content_type": 54, - "object_pk": "71", - "object_id": 71, - "object_repr": "Empty Password In Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"71\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.180000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.183000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.237Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 924, - "fields": { - "content_type": 54, - "object_pk": "72", - "object_id": 72, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"72\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.358000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.362000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.277Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 925, - "fields": { - "content_type": 54, - "object_pk": "73", - "object_id": 73, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"73\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.519000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.522000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.319Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 926, - "fields": { - "content_type": 54, - "object_pk": "74", - "object_id": 74, - "object_repr": "Use of Cryptographically Weak PRNG 
(init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"74\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.678000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.681000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.364Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 927, - "fields": { - "content_type": 54, - "object_pk": "75", - "object_id": 75, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"75\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.836000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.839000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.405Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 928, - "fields": { - "content_type": 54, - "object_pk": "76", - "object_id": 76, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"76\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.026000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:39:35.030000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 929, - "fields": { - "content_type": 54, - "object_pk": "77", - "object_id": 77, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"77\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.225000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.229000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.501Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 930, - "fields": { - "content_type": 54, - "object_pk": "78", - "object_id": 78, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE 
Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"78\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.386000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.392000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.542Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 931, - "fields": { - "content_type": 54, - "object_pk": "79", - "object_id": 79, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - 
Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 
357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"79\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.595000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.598000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.585Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 932, - "fields": { 
- "content_type": 54, - "object_pk": "80", - "object_id": 80, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"80\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.766000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.769000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.633Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 933, - "fields": { - "content_type": 54, - "object_pk": "81", - "object_id": 81, - "object_repr": "Hardcoded password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 
785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"81\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.923000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.926000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.680Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 934, - "fields": { - "content_type": 54, - "object_pk": "82", - "object_id": 82, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source 
Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"82\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.095000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.098000\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.721Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 935, - "fields": { - "content_type": 54, - "object_pk": "83", - "object_id": 83, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"83\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.237000\"], \"last_reviewed_by\": 
[\"None\", \"admin\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.240000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.762Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 936, - "fields": { - "content_type": 54, - "object_pk": "84", - "object_id": 84, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"84\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": 
[\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.375000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.378000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.801Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 937, - "fields": { - "content_type": 54, - "object_pk": "85", - "object_id": 85, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) 
request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"85\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.521000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.524000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.839Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 938, - "fields": { - "content_type": 54, - "object_pk": "86", - "object_id": 86, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 
2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"86\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.670000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.673000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.878Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 939, - "fields": { - "content_type": 54, - "object_pk": "87", - "object_id": 87, - "object_repr": "Information Exposure Through an Error Message (score.jsp)", - 
"serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"87\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.844000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.848000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.917Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 940, - "fields": { - "content_type": 54, - "object_pk": "88", - "object_id": 88, - "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"88\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.010000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.013000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.958Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 941, - "fields": { - "content_type": 54, - "object_pk": "89", - "object_id": 89, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"89\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.158000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.160000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.003Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 942, - "fields": { - "content_type": 54, - "object_pk": "90", - "object_id": 90, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 
- Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"90\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.311000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.314000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.044Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 943, - "fields": { - "content_type": 54, - "object_pk": "91", - "object_id": 91, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"91\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": 
[\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.460000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.463000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.082Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 944, - "fields": { - "content_type": 54, - "object_pk": "92", - "object_id": 92, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 
357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"92\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.597000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.600000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.126Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 945, - "fields": { - "content_type": 54, - "object_pk": "93", - "object_id": 93, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"93\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": 
[\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.742000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.745000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.168Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 946, - "fields": { - "content_type": 54, - "object_pk": "94", - "object_id": 94, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source 
Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"94\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.887000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.890000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.208Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 947, - "fields": { - "content_type": 54, - "object_pk": "95", - "object_id": 95, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"95\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.043000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.046000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.248Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 948, - "fields": { - "content_type": 54, - "object_pk": "96", - "object_id": 96, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 
22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"96\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.203000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/header.jsp\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.207000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.289Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 949, - "fields": { - "content_type": 54, - "object_pk": "97", - "object_id": 97, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" 
+ productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"97\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.359000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.363000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.329Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 950, - "fields": { - "content_type": 54, - "object_pk": "98", - "object_id": 98, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"98\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.517000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.522000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.369Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 951, - "fields": { - "content_type": 54, - "object_pk": "99", - "object_id": 99, - "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data 
Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 
10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"99\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:39:38.676000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.678000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.411Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 952, - "fields": { - "content_type": 54, - "object_pk": "100", - "object_id": 100, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"100\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": 
[\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.846000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.849000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 953, - "fields": { - "content_type": 54, - "object_pk": "101", - "object_id": 101, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 
141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"101\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.003000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.006000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.494Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 954, - "fields": { - "content_type": 54, - "object_pk": "102", - "object_id": 102, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"102\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", 
\"2021-11-03 16:39:39.161000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.163000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.538Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 955, - "fields": { - "content_type": 54, - "object_pk": "103", - "object_id": 103, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"103\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.318000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.321000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.576Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 956, - "fields": { - "content_type": 54, - "object_pk": "104", - "object_id": 104, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"104\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.488000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.492000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.623Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 957, - "fields": { - "content_type": 54, - "object_pk": "105", - "object_id": 105, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 
- Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"105\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.661000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.668Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 958, - "fields": { - "content_type": 54, - "object_pk": "106", - "object_id": 106, - "object_repr": "Improper Resource 
Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], 
\"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"106\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.818000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.821000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.711Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 959, - "fields": { - "content_type": 54, - "object_pk": "107", - "object_id": 107, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"107\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.982000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.984000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.751Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 960, - "fields": { - "content_type": 54, - "object_pk": "108", - "object_id": 108, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"108\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", 
\"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.124000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.129000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.791Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 961, - "fields": { - "content_type": 54, - "object_pk": "109", - "object_id": 109, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"109\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.275000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.278000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.837Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 962, - "fields": { - "content_type": 54, - "object_pk": "110", - "object_id": 110, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"110\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.420000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.878Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 963, - "fields": { - "content_type": 54, - "object_pk": "111", - "object_id": 111, - "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"111\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.561000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.564000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.918Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 964, - "fields": { - "content_type": 54, - "object_pk": "112", - "object_id": 112, - "object_repr": "Empty Password In Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"112\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.700000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.703000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.957Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 965, - "fields": { - 
"content_type": 54, - "object_pk": "113", - "object_id": 113, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND 
password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + 
rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"113\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.853000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.856000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.999Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 966, - "fields": { - "content_type": 54, - "object_pk": "114", - 
"object_id": 114, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"114\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", 
\"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.011000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.014000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.042Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 967, - "fields": { - "content_type": 54, - "object_pk": "115", - "object_id": 115, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"115\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:39:41.185000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.188000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.081Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 968, - "fields": { - "content_type": 54, - "object_pk": "116", - "object_id": 116, - "object_repr": "Hardcoded password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"116\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.344000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.351000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.122Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 969, - "fields": { - "content_type": 54, - "object_pk": "117", - "object_id": 117, - "object_repr": "Hardcoded password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"117\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.528000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.531000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-09T17:47:11.162Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 970, - "fields": { - "content_type": 54, - "object_pk": "118", - "object_id": 118, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"118\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.730000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.734000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.207Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 971, - "fields": { - "content_type": 54, - "object_pk": "119", - "object_id": 119, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"id\": [\"None\", \"119\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.957000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.960000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.252Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 972, - "fields": { - "content_type": 54, - "object_pk": "120", - "object_id": 120, - "object_repr": "Empty Password In Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"120\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.131000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.135000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-09T17:47:11.292Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 973, - "fields": { - "content_type": 54, - "object_pk": "121", - "object_id": 121, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"121\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.312000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.315000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.335Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 974, - "fields": { - "content_type": 54, - "object_pk": "122", - "object_id": 122, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"122\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.483000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.487000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.373Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 975, - "fields": { - "content_type": 54, - "object_pk": "123", - "object_id": 123, - "object_repr": "Empty Password In Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"123\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.633000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.636000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.413Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 976, - "fields": { - "content_type": 54, - "object_pk": "124", - "object_id": 124, - "object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) 
{\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"124\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.778000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.781000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 977, - "fields": { - "content_type": 54, - "object_pk": "125", - "object_id": 125, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"125\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.939000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.943000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.498Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 978, - "fields": { - "content_type": 54, - "object_pk": "126", - "object_id": 126, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": 
[\"None\", \"126\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.093000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.096000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.542Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 979, - "fields": { - "content_type": 54, - "object_pk": "127", - "object_id": 127, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"127\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.234000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.237000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-09T17:47:11.581Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 980, - "fields": { - "content_type": 54, - "object_pk": "128", - "object_id": 128, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"128\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", 
\"2021-11-03 16:39:43.397000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.400000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.624Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 981, - "fields": { - "content_type": 54, - "object_pk": "129", - "object_id": 129, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"129\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.543000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.546000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.671Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 982, - "fields": { - "content_type": 54, - "object_pk": "130", - "object_id": 130, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"130\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.700000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.703000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.711Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 983, - "fields": { - "content_type": 54, - "object_pk": "131", - "object_id": 131, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** 
product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"131\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.855000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.859000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.751Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 984, - "fields": { - "content_type": 54, - "object_pk": "132", - "object_id": 132, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM 
Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"132\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.034000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.037000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.791Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 985, - "fields": { - "content_type": 54, - "object_pk": "133", - "object_id": 133, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"133\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.200000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.203000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.831Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 986, - "fields": { - "content_type": 54, - "object_pk": "134", - "object_id": 134, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = 
(String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"134\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.346000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.349000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.872Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 987, - "fields": { - "content_type": 54, - "object_pk": "135", - "object_id": 135, - "object_repr": "Empty Password In Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"135\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.499000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.502000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.912Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 988, - "fields": { - "content_type": 54, - "object_pk": "136", - "object_id": 136, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"136\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.647000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.650000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.953Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 989, - "fields": { - "content_type": 54, - "object_pk": "137", - "object_id": 137, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request 
Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = 
(String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"137\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.834000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.837000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.994Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 990, - "fields": { - "content_type": 54, - "object_pk": "138", - "object_id": 138, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"138\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:45.012000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:45.015000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.036Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 991, - "fields": { - "content_type": 54, - "object_pk": "139", - "object_id": 139, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"139\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": 
[\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:45.191000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:45.200000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.075Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 992, - "fields": { - "content_type": 54, - "object_pk": "140", - "object_id": 140, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source 
Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"140\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:17.740000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:41:17.743000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.116Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 993, - "fields": { - "content_type": 54, - "object_pk": "141", - "object_id": 141, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"141\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:17.907000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:17.909000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.158Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 994, - "fields": { - "content_type": 54, - "object_pk": "142", - "object_id": 142, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"142\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", 
\"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.078000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.081000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.198Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 995, - "fields": { - "content_type": 54, - "object_pk": "143", - "object_id": 143, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 
134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"143\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.260000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.263000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.243Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 996, - "fields": { - "content_type": 54, - "object_pk": "144", - "object_id": 144, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release 
(home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes 
WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"144\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.421000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.424000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.282Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 997, - "fields": { - "content_type": 54, - "object_pk": "145", - "object_id": 145, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"145\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.608000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.610000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.323Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 998, - "fields": { - "content_type": 54, - "object_pk": "146", - "object_id": 146, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"146\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.782000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:41:18.786000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.357Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 999, - "fields": { - "content_type": 54, - "object_pk": "147", - "object_id": 147, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"147\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.953000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.956000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.394Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1000, - "fields": { - "content_type": 54, - "object_pk": "148", - "object_id": 148, - "object_repr": "Hardcoded password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 
- Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"148\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.120000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.123000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.434Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1001, - "fields": { - "content_type": 54, - "object_pk": "149", - "object_id": 149, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"149\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.295000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.298000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.474Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1002, - "fields": { - "content_type": 54, - "object_pk": "150", - "object_id": 150, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"150\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.467000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.470000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.516Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1003, - "fields": { - "content_type": 54, - "object_pk": "151", - "object_id": 151, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 
374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"151\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.621000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.625000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.558Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1004, - "fields": { - "content_type": 54, - "object_pk": "152", - "object_id": 152, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 
29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"152\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.789000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.792000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.599Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1005, - "fields": { - "content_type": 54, - "object_pk": "153", 
- "object_id": 153, - "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"153\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.978000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.980000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.643Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1006, - "fields": { - "content_type": 54, - "object_pk": "154", - "object_id": 154, - "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", 
\\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"154\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.129000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.132000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1007, - "fields": { - "content_type": 54, - "object_pk": "155", - "object_id": 155, - "object_repr": "Stored Boundary Violation (login.jsp)", - 
"serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"155\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", 
\"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.279000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.281000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.726Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1008, - "fields": { - "content_type": 54, - "object_pk": "156", - "object_id": 156, - "object_repr": "Hardcoded password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"156\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.420000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-03 16:41:20.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.766Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1009, - "fields": { - "content_type": 54, - "object_pk": "157", - "object_id": 157, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) 
request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"157\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.567000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.570000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.805Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1010, - "fields": { - "content_type": 54, - "object_pk": "158", - "object_id": 158, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"158\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.710000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.712000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.844Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1011, - "fields": { - "content_type": 54, - "object_pk": "159", - "object_id": 159, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": 
[\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"159\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.879000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.882000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.884Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1012, - "fields": { - "content_type": 54, - "object_pk": "160", - "object_id": 160, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"160\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.025000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.029000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.924Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1013, - "fields": { - "content_type": 54, - "object_pk": "161", - "object_id": 161, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": 
[\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"161\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.182000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.185000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.935Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1014, - "fields": { - "content_type": 54, - "object_pk": "162", - "object_id": 162, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"162\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.341000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.344000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.977Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1015, - "fields": { - "content_type": 54, - "object_pk": "163", - "object_id": 163, - "object_repr": "Empty Password In Connection String (product.jsp)", 
- "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"163\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.504000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.506000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.016Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1016, - "fields": { - "content_type": 54, - "object_pk": "164", - "object_id": 164, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java 
Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"164\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", 
\"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.656000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.659000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.055Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1017, - "fields": { - "content_type": 54, - "object_pk": "165", - "object_id": 165, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line 
Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"165\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.810000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.813000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.098Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1018, - "fields": { - "content_type": 54, - "object_pk": "166", - "object_id": 166, - "object_repr": "Hardcoded password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", 
\"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"166\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", 
\"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.951000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.955000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.139Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1019, - "fields": { - "content_type": 54, - "object_pk": "167", - "object_id": 167, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"167\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.103000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.106000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.180Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1020, - "fields": { - "content_type": 54, - "object_pk": "168", - "object_id": 168, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"168\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.252000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.255000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.223Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1021, - "fields": { - "content_type": 54, - "object_pk": "169", - "object_id": 169, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"169\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.404000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.407000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.263Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1022, - "fields": { - "content_type": 54, - "object_pk": "170", - "object_id": 170, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line 
Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"170\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.561000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.303Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1023, - "fields": { - "content_type": 54, - "object_pk": "171", - "object_id": 171, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"171\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.703000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.706000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.343Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1024, - "fields": { - "content_type": 54, - "object_pk": "172", - "object_id": 172, - "object_repr": "Hardcoded password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"172\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.855000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.858000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.383Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1025, - "fields": { - "content_type": 54, - "object_pk": "173", - "object_id": 173, - "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ 
page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"173\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.007000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.010000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.424Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1026, - "fields": { - "content_type": 54, - "object_pk": "174", - "object_id": 174, - "object_repr": "Empty Password In Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"174\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.177000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:41:23.181000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.467Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1027, - "fields": { - "content_type": 54, - "object_pk": "175", - "object_id": 175, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"175\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.337000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.341000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.507Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1028, - "fields": { - "content_type": 54, - "object_pk": "176", - "object_id": 176, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"176\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.502000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.504000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.546Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1029, - "fields": { - "content_type": 54, - "object_pk": "177", - "object_id": 177, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = 
(String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"177\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.661000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.597Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1030, - "fields": { - "content_type": 54, - "object_pk": "178", - "object_id": 178, - 
"object_repr": "Empty Password In Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"178\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.823000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.827000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.640Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1031, - "fields": { - "content_type": 54, - "object_pk": "179", - "object_id": 179, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 
14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"179\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.020000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.682Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1032, - "fields": { - "content_type": 54, - "object_pk": "180", - "object_id": 180, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"180\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.186000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.189000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.723Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1033, - "fields": { - "content_type": 54, - "object_pk": "181", - "object_id": 181, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"181\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.348000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.352000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.761Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1034, - "fields": { - "content_type": 54, - "object_pk": "182", - "object_id": 182, - "object_repr": "Hardcoded password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - 
Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"182\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.527000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.532000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.802Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1035, - "fields": { - "content_type": 54, - "object_pk": "183", - "object_id": 183, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 
16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"183\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.689000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"line\": [\"None\", \"21\"], \"file_path\": 
[\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.692000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.869Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1036, - "fields": { - "content_type": 54, - "object_pk": "184", - "object_id": 184, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"184\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.885000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.888000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.908Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1037, - "fields": { - "content_type": 54, - "object_pk": "185", - "object_id": 185, - "object_repr": "Empty Password In Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication 
and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"185\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.058000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.063000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.948Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1038, - "fields": { - "content_type": 54, - "object_pk": "186", - "object_id": 186, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"186\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.238000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.242000\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.990Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1039, - "fields": { - "content_type": 54, - "object_pk": "187", - "object_id": 187, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"187\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.420000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.030Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1040, - "fields": { - "content_type": 54, - "object_pk": "188", - "object_id": 188, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"188\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:25.574000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.577000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.068Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1041, - "fields": { - "content_type": 54, - "object_pk": "189", - "object_id": 189, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 
34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"189\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.736000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.739000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.112Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1042, - "fields": { - "content_type": 54, - "object_pk": "190", - "object_id": 190, - "object_repr": "Empty Password In Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line 
Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"190\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.915000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.919000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.151Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1043, - "fields": { - "content_type": 54, - "object_pk": "191", - "object_id": 191, - "object_repr": "Hardcoded password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"191\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:26.083000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.086000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.191Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1044, - "fields": { - "content_type": 54, - "object_pk": "192", - "object_id": 192, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** 
comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"192\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.242000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.245000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.231Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1045, - "fields": { - "content_type": 54, - "object_pk": "193", - "object_id": 193, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"193\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.411000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.415000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.274Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1046, - "fields": { - "content_type": 54, - "object_pk": "194", - "object_id": 194, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"194\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.579000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.583000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.314Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1047, - "fields": { - "content_type": 54, - "object_pk": "195", - "object_id": 195, - 
"object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 
26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"195\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.790000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.795000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.354Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1048, - "fields": { - "content_type": 54, - "object_pk": "196", - "object_id": 196, - "object_repr": "Empty Password In Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"196\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.983000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": 
[\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.988000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.393Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1049, - "fields": { - "content_type": 54, - "object_pk": "197", - "object_id": 197, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** 
debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"197\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.187000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.191000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.432Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1050, - "fields": { - "content_type": 54, - "object_pk": "198", - "object_id": 198, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"198\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.369000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.375000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.475Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1051, - "fields": { - "content_type": 54, - "object_pk": "199", - "object_id": 199, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"199\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"line\": [\"None\", \"1\"], 
\"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.562000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.516Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1052, - "fields": { - "content_type": 54, - "object_pk": "200", - "object_id": 200, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"200\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.764000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.766000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1053, - "fields": { - "content_type": 54, - "object_pk": "201", - "object_id": 201, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"201\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.957000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.960000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.606Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1054, - "fields": { - "content_type": 54, - "object_pk": "202", - "object_id": 202, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"202\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx 
Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.132000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.135000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.655Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1055, - "fields": { - "content_type": 54, - "object_pk": "203", - "object_id": 203, - "object_repr": "Empty Password In Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"203\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.331000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.335000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.697Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1056, - "fields": { - "content_type": 54, - "object_pk": "204", - "object_id": 204, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"204\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.524000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", 
\"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.528000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.738Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1057, - "fields": { - "content_type": 54, - "object_pk": "205", - "object_id": 205, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"205\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.696000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.704000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.777Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1058, - "fields": { - "content_type": 54, - "object_pk": "206", - "object_id": 206, - "object_repr": "Use of Cryptographically Weak PRNG 
(init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"206\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.911000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.925000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.817Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1059, - "fields": { - "content_type": 54, - "object_pk": "207", - "object_id": 207, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"207\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.151000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.157000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.857Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1060, - "fields": { - "content_type": 54, - "object_pk": "208", - "object_id": 208, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"208\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.349000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:41:29.353000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.898Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1061, - "fields": { - "content_type": 54, - "object_pk": "209", - "object_id": 209, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"209\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.526000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.529000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.939Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1062, - "fields": { - "content_type": 54, - "object_pk": "210", - "object_id": 210, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE 
Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"210\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.687000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.690000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.980Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1063, - "fields": { - "content_type": 54, - "object_pk": "211", - "object_id": 211, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 
- Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 
357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"211\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.892000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.896000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.021Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1064, - "fields": { 
- "content_type": 54, - "object_pk": "212", - "object_id": 212, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"212\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.058000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.061000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.061Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1065, - "fields": { - "content_type": 54, - "object_pk": "213", - "object_id": 213, - "object_repr": "Hardcoded password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 
785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"213\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.215000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.218000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.209Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1066, - "fields": { - "content_type": 54, - "object_pk": "214", - "object_id": 214, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source 
Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"214\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.364000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.367000\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.253Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1067, - "fields": { - "content_type": 54, - "object_pk": "215", - "object_id": 215, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"215\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.560000\"], \"last_reviewed_by\": 
[\"None\", \"admin\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.564000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.294Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1068, - "fields": { - "content_type": 54, - "object_pk": "216", - "object_id": 216, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"216\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": 
[\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.719000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.722000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.336Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1069, - "fields": { - "content_type": 54, - "object_pk": "217", - "object_id": 217, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) 
request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"217\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.883000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.886000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.380Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1070, - "fields": { - "content_type": 54, - "object_pk": "218", - "object_id": 218, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 
10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"218\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.052000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.055000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.420Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1071, - "fields": { - "content_type": 54, - "object_pk": "219", - "object_id": 219, - "object_repr": "Information Exposure Through an Error Message 
(score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"219\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.208000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.211000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.469Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1072, - "fields": { - "content_type": 54, - "object_pk": "220", - "object_id": 220, - "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"220\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.415000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.421000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.511Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1073, - "fields": { - "content_type": 54, - "object_pk": "221", - "object_id": 221, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"221\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], 
\"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.589000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.593000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.551Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1074, - "fields": { - "content_type": 54, - "object_pk": "222", - "object_id": 222, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"222\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.833000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.837000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.594Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1075, - "fields": { - "content_type": 54, - "object_pk": "223", - "object_id": 223, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"223\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.027000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.031000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.640Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1076, - "fields": { - "content_type": 54, - "object_pk": "224", - "object_id": 224, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 
357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"224\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.200000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.203000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.682Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1077, - "fields": { - "content_type": 54, - "object_pk": "225", - "object_id": 225, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"225\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": 
[\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.375000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.378000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.722Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1078, - "fields": { - "content_type": 54, - "object_pk": "226", - "object_id": 226, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source 
Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"226\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.557000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.560000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.764Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1079, - "fields": { - "content_type": 54, - "object_pk": "227", - "object_id": 227, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"227\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.727000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.732000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.804Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1080, - "fields": { - "content_type": 54, - "object_pk": "228", - "object_id": 228, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 
22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"228\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.910000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.913000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.845Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1081, - "fields": { - "content_type": 54, - "object_pk": "229", - "object_id": 229, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + 
productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"229\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.098000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.101000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.886Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1082, - "fields": { - "content_type": 54, - "object_pk": "230", - "object_id": 230, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"230\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.286000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.306000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.926Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1083, - "fields": { - "content_type": 54, - "object_pk": "231", - "object_id": 231, - "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive 
Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP 
Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"231\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:33.680000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.683000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.967Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1084, - "fields": { - "content_type": 54, - "object_pk": "232", - "object_id": 232, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"232\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": 
[\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.947000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.952000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.008Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1085, - "fields": { - "content_type": 54, - "object_pk": "233", - "object_id": 233, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 
141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"233\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.242000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.247000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.050Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1086, - "fields": { - "content_type": 54, - "object_pk": "234", - "object_id": 234, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"234\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", 
\"2021-11-03 16:41:34.513000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.521000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.091Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1087, - "fields": { - "content_type": 54, - "object_pk": "235", - "object_id": 235, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"235\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.736000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.740000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.136Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1088, - "fields": { - "content_type": 54, - "object_pk": "236", - "object_id": 236, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"236\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.931000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.937000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.175Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1089, - "fields": { - "content_type": 54, - "object_pk": "237", - "object_id": 237, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"237\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.131000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.134000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.216Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1090, - "fields": { - "content_type": 54, - "object_pk": "238", - "object_id": 238, - "object_repr": "Improper Resource Shutdown or Release 
(admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"id\": [\"None\", \"238\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.361000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.367000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.256Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1091, - "fields": { - "content_type": 54, - "object_pk": "239", - "object_id": 239, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"239\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.578000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.581000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.299Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1092, - "fields": { - "content_type": 54, - "object_pk": "240", - "object_id": 240, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"240\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", 
\"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.813000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.818000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.346Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1093, - "fields": { - "content_type": 54, - "object_pk": "241", - "object_id": 241, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"241\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.019000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.386Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1094, - "fields": { - "content_type": 54, - "object_pk": "242", - "object_id": 242, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"242\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.237000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.247000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.428Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1095, - "fields": { - "content_type": 54, - "object_pk": "243", - "object_id": 243, - "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"243\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.465000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.471000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.470Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1096, - "fields": { - "content_type": 54, - "object_pk": "244", - "object_id": 244, - "object_repr": "Empty Password In Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"244\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.747000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.756000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.512Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1097, - "fields": { - "content_type": 54, - 
"object_pk": "245", - "object_id": 245, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + 
password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line 
Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"245\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.998000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.002000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1098, - "fields": { - "content_type": 54, - "object_pk": "246", - "object_id": 246, - "object_repr": "Improper 
Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"246\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.224000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.232000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.597Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1099, - "fields": { - "content_type": 54, - "object_pk": "247", - "object_id": 247, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"247\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:37.433000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.438000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.643Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1100, - "fields": { - "content_type": 54, - "object_pk": "248", - "object_id": 248, - "object_repr": "Hardcoded password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"248\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.656000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.660000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1101, - "fields": { - "content_type": 54, - "object_pk": "249", - "object_id": 249, - "object_repr": "Hardcoded password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"249\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.871000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.876000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-09T17:47:16.715Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1102, - "fields": { - "content_type": 54, - "object_pk": "250", - "object_id": 250, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"250\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.090000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.093000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.751Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1103, - "fields": { - "content_type": 54, - "object_pk": "251", - "object_id": 251, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"id\": [\"None\", \"251\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.295000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.298000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.786Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1104, - "fields": { - "content_type": 54, - "object_pk": "252", - "object_id": 252, - "object_repr": "Empty Password In Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"252\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.446000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.449000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-09T17:47:16.826Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1105, - "fields": { - "content_type": 54, - "object_pk": "253", - "object_id": 253, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"253\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.602000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.606000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.867Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1106, - "fields": { - "content_type": 54, - "object_pk": "254", - "object_id": 254, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"254\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.809000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.813000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.910Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1107, - "fields": { - "content_type": 54, - "object_pk": "255", - "object_id": 255, - "object_repr": "Empty Password In Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"255\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.991000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.994000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.949Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1108, - "fields": { - "content_type": 54, - "object_pk": "256", - "object_id": 256, - "object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) 
{\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"256\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.186000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.192000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.991Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1109, - "fields": { - "content_type": 54, - "object_pk": "257", - "object_id": 257, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"257\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.385000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.388000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.032Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1110, - "fields": { - "content_type": 54, - "object_pk": "258", - "object_id": 258, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"258\"], 
\"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.588000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.593000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.070Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1111, - "fields": { - "content_type": 54, - "object_pk": "259", - "object_id": 259, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"259\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.966000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.970000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:17.114Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1112, - "fields": { - "content_type": 54, - "object_pk": "260", - "object_id": 260, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"260\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.147000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.155Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1113, - "fields": { - "content_type": 54, - "object_pk": "261", - "object_id": 261, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"261\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.354000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.358000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.194Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1114, - "fields": { - "content_type": 54, - "object_pk": "262", - "object_id": 262, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"262\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.562000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.567000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.236Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1115, - "fields": { - "content_type": 54, - "object_pk": "263", - "object_id": 263, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** 
product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"263\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.776000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.782000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.275Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1116, - "fields": { - "content_type": 54, - "object_pk": "264", - "object_id": 264, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM 
Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"264\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.002000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.006000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.316Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1117, - "fields": { - "content_type": 54, - "object_pk": "265", - "object_id": 265, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"265\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.203000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.210000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.357Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1118, - "fields": { - "content_type": 54, - "object_pk": "266", - "object_id": 266, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = 
(String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"266\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.419000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.396Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1119, - "fields": { - "content_type": 54, - "object_pk": "267", - "object_id": 267, - "object_repr": "Empty Password In Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"267\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.643000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": 
null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.435Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1120, - "fields": { - "content_type": 54, - "object_pk": "268", - "object_id": 268, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"268\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.811000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.814000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.478Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1121, - "fields": { - "content_type": 54, - "object_pk": "269", - "object_id": 269, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request 
Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = 
(String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"269\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.972000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.975000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.522Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1122, - "fields": { - "content_type": 54, - "object_pk": "270", - "object_id": 270, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"270\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.150000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.562Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1123, - "fields": { - "content_type": 54, - "object_pk": "271", - "object_id": 271, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"271\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": 
[\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.303000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.308000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.607Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1124, - "fields": { - "content_type": 54, - "object_pk": "272", - "object_id": 272, - "object_repr": "Download of Code Without Integrity Check (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\\n\\n**Line Number:** 1\\n**Column:** 680\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"272\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.477000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.480000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.650Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1125, - "fields": { - "content_type": 54, - "object_pk": "273", - "object_id": 273, - "object_repr": "Improper Resource Access Authorization (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\\n\\n**Line Number:** 
12\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 12\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"273\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.636000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099\"], \"line\": [\"None\", \"12\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.640000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.691Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1126, - "fields": { - "content_type": 54, - "object_pk": "274", - "object_id": 274, - "object_repr": "Use of Cryptographically Weak PRNG (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", 
\"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"274\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.816000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.819000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.730Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1127, - "fields": { - "content_type": 54, - "object_pk": "275", - "object_id": 275, - "object_repr": "Improper Resource Shutdown or Release (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\\n\\n**Line Number:** 24\\n**Column:** 377\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 398\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 27\\n**Code:** stmt.setString(1, username);\\n-----\\n**Line Number:** 28\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 28\\n**Code:** stmt.setString(2, 
comments);\\n-----\\n**Line Number:** 29\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 29\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"275\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.999000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.002000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.770Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1128, - "fields": { - "content_type": 54, - "object_pk": "276", - "object_id": 276, - "object_repr": "Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"276\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.197000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.202000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.812Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1129, - "fields": { - "content_type": 54, - "object_pk": "277", - "object_id": 277, - "object_repr": "Use of Insufficiently Random Values (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"277\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.364000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.369000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.852Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1130, - "fields": { - "content_type": 54, - "object_pk": "278", - "object_id": 278, - "object_repr": "SQL 
Injection (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 
173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"278\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.552000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.893Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1131, - "fields": { - "content_type": 54, - "object_pk": "279", - "object_id": 279, - "object_repr": "test", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"test\"], \"date\": [\"None\", \"2021-11-03\"], \"url\": [\"None\", \"No url given\"], \"severity\": [\"None\", 
\"Info\"], \"description\": [\"None\", \"asdf\"], \"mitigation\": [\"None\", \"adf\"], \"impact\": [\"None\", \"asdf\"], \"steps_to_reproduce\": [\"None\", \"\"], \"severity_justification\": [\"None\", \"\"], \"id\": [\"None\", \"279\"], \"references\": [\"None\", \"No references given\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Pen Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 17:14:15.434000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.933Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1132, - "fields": { - "content_type": 54, - "object_pk": "280", - "object_id": 280, - "object_repr": "notepad++.exe | CVE-2007-2666", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"notepad++.exe | CVE-2007-2666\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\\n\\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 
4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"280\"], \"references\": [\"None\", \"name: 23961\\nsource: BID\\nurl: http://www.securityfocus.com/bid/23961\\n\\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\\n\\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\\n\\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\nsource: CONFIRM\\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\n\\nname: 3912\\nsource: MILW0RM\\nurl: http://www.milw0rm.com/exploits/3912\\n\\nname: ADV-2007-1794\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1794\\n\\nname: ADV-2007-1867\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1867\\n\\nname: notepadplus-rb-bo(34269)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34269\\n\\nname: scintilla-rb-bo(34372)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34372\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:22:26.290000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:22:26.294000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.973Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1133, - "fields": { - "content_type": 54, - "object_pk": "281", - "object_id": 281, - "object_repr": "notepad++.exe | CVE-2008-3436", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"notepad++.exe | CVE-2008-3436\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-94 Improper Control of Generation of Code ('Code Injection')\\n\\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"281\"], \"references\": [\"None\", \"name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\\nsource: FULLDISC\\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\\n\\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\nsource: MISC\\nurl: 
http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:22:26.568000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:22:26.571000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.014Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1134, - "fields": { - "content_type": 54, - "object_pk": "282", - "object_id": 282, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: 
C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\ViewAccountInfo.aspx.cs\\nLine: 22\\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"282\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:56.911000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:56.915000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.055Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1135, - "fields": { - "content_type": 54, - "object_pk": "283", - "object_id": 283, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. 
This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Web.config\\nLine: 25\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"283\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.105000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.107000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.094Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1136, - "fields": { - "content_type": 54, - "object_pk": "284", - "object_id": 284, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be 
loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 72\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"284\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.285000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.288000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.135Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1137, - "fields": { - "content_type": 54, - "object_pk": "285", - "object_id": 285, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": 
[\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\StealCookies.aspx.cs\\nLine: 19\\nCodeLine: TODO: Mail the cookie in real time.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.483000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.485000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.175Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1138, - "fields": { - "content_type": 54, - "object_pk": "286", - "object_id": 286, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished 
Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\CustomerRepository.cs\\nLine: 41\\nCodeLine: TODO: Add try/catch logic\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"286\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.662000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.665000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.215Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1139, - "fields": { - "content_type": 54, - "object_pk": "287", - "object_id": 287, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\ShipperRepository.cs\\nLine: 37\\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"287\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.857000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.860000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.253Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1140, - "fields": { - "content_type": 54, - "object_pk": "288", - "object_id": 288, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\Web.config\\nLine: 6\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"288\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.047000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.050000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.291Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1141, - "fields": { - "content_type": 54, - "object_pk": "289", - "object_id": 289, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - 
"action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 58\\nCodeLine: TODO: Put this in try/catch as well\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"289\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.246000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.249000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.330Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1142, - "fields": { - "content_type": 54, - "object_pk": "290", - "object_id": 290, - "object_repr": "Comment 
Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 145\\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"290\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.452000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.455000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.375Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1143, - "fields": { - "content_type": 54, - "object_pk": "291", - "object_id": 291, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Order.cs\\nLine: 27\\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"291\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.643000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.645000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-09T17:47:18.414Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1144, - "fields": { - "content_type": 54, - "object_pk": "292", - "object_id": 292, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\Register.aspx.cs\\nLine: 35\\nCodeLine: Response.Redirect(continueUrl);\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"292\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.836000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.838000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1145, - "fields": { - "content_type": 54, - "object_pk": "293", - "object_id": 293, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogResponseRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"293\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.005000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-04 14:23:59.007000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.498Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1146, - "fields": { - "content_type": 54, - "object_pk": "294", - "object_id": 294, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogEntryRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"294\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.201000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], 
\"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.205000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.538Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1147, - "fields": { - "content_type": 54, - "object_pk": "295", - "object_id": 295, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 25\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"295\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.422000\"], \"last_reviewed_by\": 
[\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.425000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1148, - "fields": { - "content_type": 54, - "object_pk": "296", - "object_id": 296, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 16\\nCodeLine: TODO: Refactor this. 
Use LINQ with aggregation to get SUM.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"296\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.586000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.588000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.620Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1149, - "fields": { - "content_type": 54, - "object_pk": "297", - "object_id": 297, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: 
C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 41\\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"297\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.765000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.768000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.664Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1150, - "fields": { - "content_type": 54, - "object_pk": "298", - "object_id": 298, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that 
the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 59\\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"298\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.942000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.945000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.704Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1151, - "fields": { - "content_type": 54, - "object_pk": "299", - "object_id": 299, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], 
\"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 102\\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"299\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:24:00.128000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:24:00.131000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.745Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1152, - "fields": { - "content_type": 54, - "object_pk": "300", - "object_id": 300, - "object_repr": "Password field with autocomplete enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password field with 
autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. 
Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"id\": [\"None\", \"300\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:08.321000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.784Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1153, - "fields": { - "content_type": 54, - "object_pk": "301", - "object_id": 301, - "object_repr": "Frameable response (potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: 
http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. 
This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"id\": [\"None\", \"301\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:08.600000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.831Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1154, - "fields": { - "content_type": 54, - "object_pk": "302", - "object_id": 302, - 
"object_repr": "Cross-site scripting (reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. 
Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. 
And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. 
\\n\"], \"id\": [\"None\", \"302\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.076000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.871Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1155, - "fields": { - "content_type": 54, - "object_pk": "303", - "object_id": 303, - "object_repr": "Unencrypted communications", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption 
(SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"id\": [\"None\", \"303\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.291000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.915Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1156, - "fields": { - "content_type": 54, - "object_pk": "304", - "object_id": 304, - "object_repr": "Password returned in later response", - 
"serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"304\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.503000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.958Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1157, - "fields": { - "content_type": 54, - "object_pk": "305", - "object_id": 305, - "object_repr": "Email addresses disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the 
response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. 
Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"id\": [\"None\", \"305\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.709000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.000Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1158, - "fields": { - "content_type": 54, - "object_pk": "306", - "object_id": 306, - 
"object_repr": "Cross-site request forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"id\": [\"None\", \"306\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.990000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.044Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1159, - "fields": { - "content_type": 54, - "object_pk": "307", - "object_id": 307, - "object_repr": "SQL injection", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": 
[\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\\n\"], \"id\": [\"None\", \"307\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.214000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.086Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1160, - "fields": { - "content_type": 54, - "object_pk": "308", - "object_id": 308, - "object_repr": "Path-relative style sheet import", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": [\"None\", \"2021-11-03\"], 
\"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"id\": [\"None\", \"308\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.480000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.132Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1161, - "fields": { - "content_type": 54, - "object_pk": "309", - "object_id": 309, - "object_repr": "Cleartext submission of password", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over 
clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"309\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.892000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.177Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1162, - "fields": { - "content_type": 54, - "object_pk": "310", - "object_id": 310, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 59\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(notFound)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"310\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:08.495000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:08.498000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.221Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1163, - "fields": { - "content_type": 54, - "object_pk": "311", - "object_id": 311, - "object_repr": "this method will not auto-escape HTML. 
Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 58\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"311\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:08.748000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:08.751000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.260Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1164, - "fields": { - 
"content_type": 54, - "object_pk": "312", - "object_id": 312, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 165\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"312\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.021000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.023000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.298Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1165, 
- "fields": { - "content_type": 54, - "object_pk": "313", - "object_id": 313, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 82\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"313\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.244000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.246000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.338Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 
1166, - "fields": { - "content_type": 54, - "object_pk": "314", - "object_id": 314, - "object_repr": "SQL string formatting-G201", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL string formatting-G201\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\\nLine number: 36-39\\nIssue Confidence: HIGH\\n\\nCode:\\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \\n\\t\\t\\t\\t\\t\\t\\t\\tFROM Profile as p,Users as u \\n\\t\\t\\t\\t\\t\\t\\t\\twhere p.user_id = u.id \\n\\t\\t\\t\\t\\t\\t\\t\\tand u.id=%s`,uid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"314\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.431000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/sqli/function.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 
14:45:09.434000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.387Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1167, - "fields": { - "content_type": 54, - "object_pk": "315", - "object_id": 315, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"315\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.630000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.633000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.433Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1168, - "fields": { - "content_type": 54, - "object_pk": "316", - "object_id": 316, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 124\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"316\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.840000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", 
\"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.843000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.478Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1169, - "fields": { - "content_type": 54, - "object_pk": "317", - "object_id": 317, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 63\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"317\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.049000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.052000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.523Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1170, - "fields": { - "content_type": 54, - "object_pk": "318", - "object_id": 318, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 164\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"318\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.279000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f\"], \"file_path\": [\"None\", 
\"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.281000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1171, - "fields": { - "content_type": 54, - "object_pk": "319", - "object_id": 319, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 160\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"319\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.485000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4\"], 
\"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.488000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.595Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1172, - "fields": { - "content_type": 54, - "object_pk": "320", - "object_id": 320, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 35\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write(b)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"320\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.677000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"file_path\": [\"None\", 
\"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.679000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.641Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1173, - "fields": { - "content_type": 54, - "object_pk": "321", - "object_id": 321, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 70\\nIssue Confidence: HIGH\\n\\nCode:\\nsqlmapDetected, _ := regexp.MatchString(\\\"sqlmap*\\\", userAgent)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"321\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.869000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.872000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1174, - "fields": { - "content_type": 54, - "object_pk": "322", - "object_id": 322, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 73\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write([]byte(\\\"Forbidden\\\"))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"322\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.062000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.065000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.729Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1175, - "fields": { - "content_type": 54, - "object_pk": "323", - "object_id": 323, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/app.go\\nLine number: 79\\nIssue Confidence: HIGH\\n\\nCode:\\ns.ListenAndServe()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"323\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.239000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/app.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.242000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.772Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1176, - "fields": { - "content_type": 54, - "object_pk": "324", - "object_id": 324, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 62\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"324\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.433000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.435000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.815Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1177, - "fields": { - "content_type": 54, - "object_pk": "325", - "object_id": 325, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 63\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(vuln)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"325\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.620000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.622000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.860Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1178, - "fields": { - "content_type": 54, - "object_pk": "326", - "object_id": 326, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], 
\"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 66\\nIssue Confidence: HIGH\\n\\nCode:\\n_ = db.QueryRow(sql).Scan(&version)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"326\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.797000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.800000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.903Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1179, - "fields": { - "content_type": 54, - "object_pk": "327", - "object_id": 327, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 64\\nIssue Confidence: HIGH\\n\\nCode:\\ndb,_ := database.Connect()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"327\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.990000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.992000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.943Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1180, - "fields": { - "content_type": 54, - "object_pk": "328", - "object_id": 328, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 62\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"328\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.172000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.175000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.982Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1181, - "fields": { - "content_type": 54, - "object_pk": "329", - "object_id": 329, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 7\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"329\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.359000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.361000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.022Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1182, - "fields": { - "content_type": 54, - "object_pk": "330", - "object_id": 330, - "object_repr": "Blacklisted import crypto/md5: 
weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"330\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.552000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.064Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1183, - "fields": { - "content_type": 
54, - "object_pk": "331", - "object_id": 331, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/cookie.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\ncookie, _ := r.Cookie(name)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"331\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.737000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/cookie.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.739000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.108Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1184, - "fields": { - "content_type": 54, - 
"object_pk": "332", - "object_id": 332, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"332\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.979000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.982000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.149Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1185, - "fields": { - "content_type": 54, 
- "object_pk": "333", - "object_id": 333, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 100\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(inlineJS)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"333\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.202000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.204000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.186Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1186, - "fields": { - "content_type": 54, - "object_pk": "334", - "object_id": 334, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 61\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"334\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.417000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.420000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.226Z", 
- "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1187, - "fields": { - "content_type": 54, - "object_pk": "335", - "object_id": 335, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 161\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"335\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.631000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.635000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.267Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1188, - "fields": { - "content_type": 54, - "object_pk": "336", - "object_id": 336, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 41\\nIssue Confidence: HIGH\\n\\nCode:\\ntemplate.ExecuteTemplate(w, name, data)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"336\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.917000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.920000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:20.306Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1189, - "fields": { - "content_type": 54, - "object_pk": "337", - "object_id": 337, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 45\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(text)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"337\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:14.148000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:14.152000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.345Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1190, - "fields": { - "content_type": 54, - "object_pk": "338", - "object_id": 338, - "object_repr": "Password field with autocomplete enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password field with autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. 
In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"id\": [\"None\", \"338\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:56.374000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:56.377000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.391Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 1191, - "fields": { - "content_type": 54, - "object_pk": "339", - "object_id": 339, - "object_repr": "Frameable response (potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. 
This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"id\": [\"None\", \"339\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:56.664000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:56.668000\"], 
\"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.432Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1192, - "fields": { - "content_type": 54, - "object_pk": "340", - "object_id": 340, - "object_repr": "Cross-site scripting (reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. 
For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. 
And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. 
\\n\"], \"id\": [\"None\", \"340\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.169000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.173000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.479Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1193, - "fields": { - "content_type": 54, - "object_pk": "341", - "object_id": 341, - "object_repr": "Unencrypted communications", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption 
(SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"id\": [\"None\", \"341\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.467000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.469000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.526Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1194, - "fields": { - "content_type": 54, - "object_pk": "342", - "object_id": 342, - "object_repr": "Password returned in later response", - 
"serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"342\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.725000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.728000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.568Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1195, - "fields": { - "content_type": 54, - "object_pk": "343", - "object_id": 343, - "object_repr": "Email addresses disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the 
response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. 
Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"id\": [\"None\", \"343\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.976000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.978000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.610Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1196, - "fields": { - "content_type": 54, - "object_pk": "344", - "object_id": 344, - 
"object_repr": "Cross-site request forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"id\": [\"None\", \"344\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.316000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.319000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.655Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1197, - "fields": { - "content_type": 54, - "object_pk": "345", - "object_id": 345, - "object_repr": "SQL injection", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": 
[\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\\n\"], \"id\": [\"None\", \"345\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.571000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.575000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.700Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1198, - "fields": { - "content_type": 54, - "object_pk": "346", - "object_id": 346, - "object_repr": "Path-relative style sheet import", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": [\"None\", \"2021-11-03\"], 
\"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"id\": [\"None\", \"346\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.868000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.871000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.747Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1199, - "fields": { - "content_type": 54, - "object_pk": "347", - "object_id": 347, - "object_repr": "Cleartext submission of password", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over 
clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"347\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:59.333000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:59.337000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.793Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1200, - "fields": { - "content_type": 58, - "object_pk": "1", - "object_id": 1, - "object_repr": "XSS template", - "serialized_data": null, - "action": 0, - "changes": "{\"description\": [\"None\", \"XSS test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"title\": [\"None\", \"XSS template\"], \"severity\": [\"None\", \"HIGH\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:20.836Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1203, - "fields": { - "content_type": 61, - "object_pk": "1", - "object_id": 1, - "object_repr": "Simple Builtin Risk Acceptance", - "serialized_data": null, - "action": 0, - "changes": "{\"created\": [\"None\", \"2024-01-28 23:13:08.520000\"], \"name\": [\"None\", \"Simple Builtin Risk Acceptance\"], \"recommendation\": [\"None\", \"F\"], \"decision\": [\"None\", \"A\"], \"decision_details\": [\"None\", \"These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. Unaccept and use full risk acceptance if you need to have more control over those fields.\"], \"path\": [\"None\", \"\"], \"owner\": [\"None\", \"(admin)\"], \"reactivate_expired\": [\"None\", \"True\"], \"restart_sla_expired\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"updated\": [\"None\", \"2024-01-28 23:13:08.520000\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:21.137Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1204, - "fields": { - "content_type": 58, - "object_pk": "5", - "object_id": 5, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"High Impact test finding\", \"High Impact Test Finding\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"numerical_severity\": [\"S0\", \"S1\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:12.847Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1205, - "fields": { - "content_type": 58, - "object_pk": "3", - "object_id": 3, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"High Impact test finding\", \"High Impact Test Finding\"], \"sla_expiration_date\": [\"None\", 
\"2021-04-20\"], \"numerical_severity\": [\"S0\", \"S1\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.278Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1206, - "fields": { - "content_type": 58, - "object_pk": "4", - "object_id": 4, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"High Impact test finding\", \"High Impact Test Finding\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"numerical_severity\": [\"S0\", \"S1\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.295Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1207, - "fields": { - "content_type": 58, - "object_pk": "6", - "object_id": 6, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"High Impact test finding\", \"High Impact Test Finding\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"numerical_severity\": [\"S0\", \"S1\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.312Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1208, - "fields": { - "content_type": 58, - "object_pk": "7", - "object_id": 7, - "object_repr": "Dummy Finding", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"DUMMY FINDING\", \"Dummy Finding\"], \"sla_expiration_date\": [\"None\", \"2021-04-19\"], \"numerical_severity\": [\"S0\", \"S1\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.329Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1209, - "fields": { - "content_type": 29, - "object_pk": "2", - "object_id": 2, - "object_repr": 
"Internal CRM App", - "serialized_data": null, - "action": 1, - "changes": "{\"prod_numeric_grade\": [\"None\", \"51\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.336Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1210, - "fields": { - "content_type": 58, - "object_pk": "309", - "object_id": 309, - "object_repr": "Cleartext Submission of Password", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Cleartext submission of password\", \"Cleartext Submission of Password\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.344Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1211, - "fields": { - "content_type": 58, - "object_pk": "347", - "object_id": 347, - "object_repr": "Cleartext Submission of Password", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Cleartext submission of password\", \"Cleartext Submission of Password\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.359Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1212, - "fields": { - "content_type": 58, - "object_pk": "302", - "object_id": 302, - "object_repr": "Cross-Site Scripting (Reflected)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Cross-site scripting (reflected)\", \"Cross-Site Scripting (Reflected)\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.373Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1213, - "fields": { - "content_type": 58, - "object_pk": "340", - "object_id": 340, - "object_repr": "Cross-Site Scripting (Reflected)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Cross-site 
scripting (reflected)\", \"Cross-Site Scripting (Reflected)\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.389Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1214, - "fields": { - "content_type": 58, - "object_pk": "345", - "object_id": 345, - "object_repr": "SQL Injection", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"SQL injection\", \"SQL Injection\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.404Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1215, - "fields": { - "content_type": 58, - "object_pk": "307", - "object_id": 307, - "object_repr": "SQL Injection", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"SQL injection\", \"SQL Injection\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.420Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1216, - "fields": { - "content_type": 58, - "object_pk": "280", - "object_id": 280, - "object_repr": "Notepad++.exe | CVE-2007-2666", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"notepad++.exe | CVE-2007-2666\", \"Notepad++.exe | CVE-2007-2666\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.438Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1217, - "fields": { - "content_type": 58, - "object_pk": "281", - "object_id": 281, - "object_repr": "Notepad++.exe | CVE-2008-3436", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"notepad++.exe | CVE-2008-3436\", \"Notepad++.exe | CVE-2008-3436\"], \"sla_expiration_date\": 
[\"None\", \"2021-12-03\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.454Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1218, - "fields": { - "content_type": 58, - "object_pk": "145", - "object_id": 145, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.469Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1219, - "fields": { - "content_type": 58, - "object_pk": "13", - "object_id": 13, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.483Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1220, - "fields": { - "content_type": 58, - "object_pk": "60", - "object_id": 60, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.497Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1221, - "fields": { - "content_type": 58, - "object_pk": "192", - "object_id": 192, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.513Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1222, - "fields": { - "content_type": 58, - "object_pk": "276", - "object_id": 276, - "object_repr": 
"Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.529Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1223, - "fields": { - "content_type": 58, - "object_pk": "65", - "object_id": 65, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.545Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1224, - "fields": { - "content_type": 58, - "object_pk": "197", - "object_id": 197, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1225, - "fields": { - "content_type": 58, - "object_pk": "217", - "object_id": 217, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.577Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1226, - "fields": { - "content_type": 58, - "object_pk": "85", - "object_id": 85, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.593Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1227, - "fields": { - 
"content_type": 58, - "object_pk": "278", - "object_id": 278, - "object_repr": "SQL Injection (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.610Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1228, - "fields": { - "content_type": 58, - "object_pk": "45", - "object_id": 45, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.626Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1229, - "fields": { - "content_type": 58, - "object_pk": "177", - "object_id": 177, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.642Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1230, - "fields": { - "content_type": 58, - "object_pk": "18", - "object_id": 18, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.658Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1231, - "fields": { - "content_type": 58, - "object_pk": "150", - "object_id": 150, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.673Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1232, - 
"fields": { - "content_type": 58, - "object_pk": "8", - "object_id": 8, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.689Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1233, - "fields": { - "content_type": 58, - "object_pk": "140", - "object_id": 140, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.705Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1234, - "fields": { - "content_type": 58, - "object_pk": "51", - "object_id": 51, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.722Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1235, - "fields": { - "content_type": 58, - "object_pk": "183", - "object_id": 183, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.739Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1236, - "fields": { - "content_type": 58, - "object_pk": "151", - "object_id": 151, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.754Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1237, 
- "fields": { - "content_type": 58, - "object_pk": "19", - "object_id": 19, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.771Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1238, - "fields": { - "content_type": 58, - "object_pk": "258", - "object_id": 258, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.787Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1239, - "fields": { - "content_type": 58, - "object_pk": "126", - "object_id": 126, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.804Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1240, - "fields": { - "content_type": 58, - "object_pk": "90", - "object_id": 90, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.821Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1241, - "fields": { - "content_type": 58, - "object_pk": "222", - "object_id": 222, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.837Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1242, 
- "fields": { - "content_type": 58, - "object_pk": "63", - "object_id": 63, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.853Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1243, - "fields": { - "content_type": 58, - "object_pk": "195", - "object_id": 195, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.868Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1244, - "fields": { - "content_type": 58, - "object_pk": "263", - "object_id": 263, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.885Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1245, - "fields": { - "content_type": 58, - "object_pk": "131", - "object_id": 131, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.902Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1246, - "fields": { - "content_type": 58, - "object_pk": "234", - "object_id": 234, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.920Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1247, - 
"fields": { - "content_type": 58, - "object_pk": "102", - "object_id": 102, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.937Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1248, - "fields": { - "content_type": 58, - "object_pk": "189", - "object_id": 189, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.954Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1249, - "fields": { - "content_type": 58, - "object_pk": "57", - "object_id": 57, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2019-12-17\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.969Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1250, - "fields": { - "content_type": 58, - "object_pk": "288", - "object_id": 288, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.984Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1251, - "fields": { - "content_type": 58, - "object_pk": "283", - "object_id": 283, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:13.999Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1252, - 
"fields": { - "content_type": 58, - "object_pk": "315", - "object_id": 315, - "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Blacklisted import crypto/md5: weak cryptographic primitive-G501\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.015Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1253, - "fields": { - "content_type": 58, - "object_pk": "329", - "object_id": 329, - "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Blacklisted import crypto/md5: weak cryptographic primitive-G501\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.031Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1254, - "fields": { - "content_type": 58, - "object_pk": "330", - "object_id": 330, - "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Blacklisted import crypto/md5: weak cryptographic primitive-G501\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.047Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1255, - "fields": { - "content_type": 58, - "object_pk": "342", - "object_id": 342, - "object_repr": "Password Returned in Later Response", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Password 
returned in later response\", \"Password Returned in Later Response\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.062Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1256, - "fields": { - "content_type": 58, - "object_pk": "304", - "object_id": 304, - "object_repr": "Password Returned in Later Response", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Password returned in later response\", \"Password Returned in Later Response\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.076Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1257, - "fields": { - "content_type": 58, - "object_pk": "314", - "object_id": 314, - "object_repr": "SQL String Formatting-G201", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"SQL string formatting-G201\", \"SQL String Formatting-G201\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.093Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1258, - "fields": { - "content_type": 58, - "object_pk": "328", - "object_id": 328, - "object_repr": "Use of Weak Cryptographic Primitive-G401", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Use of weak cryptographic primitive-G401\", \"Use of Weak Cryptographic Primitive-G401\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.108Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1259, - "fields": { - "content_type": 58, - "object_pk": "319", - "object_id": 319, - "object_repr": "Use of Weak Cryptographic Primitive-G401", - "serialized_data": null, - "action": 1, - "changes": 
"{\"title\": [\"Use of weak cryptographic primitive-G401\", \"Use of Weak Cryptographic Primitive-G401\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.123Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1260, - "fields": { - "content_type": 58, - "object_pk": "318", - "object_id": 318, - "object_repr": "Use of Weak Cryptographic Primitive-G401", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Use of weak cryptographic primitive-G401\", \"Use of Weak Cryptographic Primitive-G401\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.139Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1261, - "fields": { - "content_type": 58, - "object_pk": "333", - "object_id": 333, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"this method will not auto-escape HTML. Verify data is well formed.-G203\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.155Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1262, - "fields": { - "content_type": 58, - "object_pk": "337", - "object_id": 337, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"this method will not auto-escape HTML. Verify data is well formed.-G203\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.170Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1263, - "fields": { - "content_type": 58, - "object_pk": "310", - "object_id": 310, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"this method will not auto-escape HTML. Verify data is well formed.-G203\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.186Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1264, - "fields": { - "content_type": 58, - "object_pk": "325", - "object_id": 325, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"this method will not auto-escape HTML. Verify data is well formed.-G203\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.201Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1265, - "fields": { - "content_type": 58, - "object_pk": "311", - "object_id": 311, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"this method will not auto-escape HTML. Verify data is well formed.-G203\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.217Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1266, - "fields": { - "content_type": 58, - "object_pk": "324", - "object_id": 324, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"this method will not auto-escape HTML. Verify data is well formed.-G203\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.234Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1267, - "fields": { - "content_type": 58, - "object_pk": "101", - "object_id": 101, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.249Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1268, - "fields": { - "content_type": 58, - "object_pk": "233", - "object_id": 233, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.264Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1269, - "fields": { - "content_type": 58, - "object_pk": "134", - "object_id": 134, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": 
null, - "timestamp": "2025-01-17T16:52:14.280Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1270, - "fields": { - "content_type": 58, - "object_pk": "266", - "object_id": 266, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.296Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1271, - "fields": { - "content_type": 58, - "object_pk": "170", - "object_id": 170, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.312Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1272, - "fields": { - "content_type": 58, - "object_pk": "38", - "object_id": 38, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.327Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1273, - "fields": { - "content_type": 58, - "object_pk": "15", - "object_id": 15, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.342Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1274, - "fields": { - "content_type": 58, - "object_pk": "147", - "object_id": 147, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 1, - 
"changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.357Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1275, - "fields": { - "content_type": 58, - "object_pk": "223", - "object_id": 223, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.373Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1276, - "fields": { - "content_type": 58, - "object_pk": "91", - "object_id": 91, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.390Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1277, - "fields": { - "content_type": 58, - "object_pk": "82", - "object_id": 82, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.405Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1278, - "fields": { - "content_type": 58, - "object_pk": "214", - "object_id": 214, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.421Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1279, - "fields": { - "content_type": 58, - "object_pk": "96", - "object_id": 96, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - 
"action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.438Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1280, - "fields": { - "content_type": 58, - "object_pk": "228", - "object_id": 228, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.453Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1281, - "fields": { - "content_type": 58, - "object_pk": "152", - "object_id": 152, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.469Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1282, - "fields": { - "content_type": 58, - "object_pk": "20", - "object_id": 20, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.484Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1283, - "fields": { - "content_type": 58, - "object_pk": "207", - "object_id": 207, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.499Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1284, - "fields": { - "content_type": 58, - "object_pk": "75", - "object_id": 75, - "object_repr": "CGI Stored XSS (product.jsp)", - 
"serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.517Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1285, - "fields": { - "content_type": 58, - "object_pk": "179", - "object_id": 179, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.533Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1286, - "fields": { - "content_type": 58, - "object_pk": "47", - "object_id": 47, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.549Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1287, - "fields": { - "content_type": 58, - "object_pk": "165", - "object_id": 165, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.566Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1288, - "fields": { - "content_type": 58, - "object_pk": "33", - "object_id": 33, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.581Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1289, - "fields": { - "content_type": 58, - "object_pk": "52", - 
"object_id": 52, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.596Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1290, - "fields": { - "content_type": 58, - "object_pk": "184", - "object_id": 184, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.613Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1291, - "fields": { - "content_type": 58, - "object_pk": "138", - "object_id": 138, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.630Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1292, - "fields": { - "content_type": 58, - "object_pk": "270", - "object_id": 270, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.646Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1293, - "fields": { - "content_type": 58, - "object_pk": "272", - "object_id": 272, - "object_repr": "Download of Code Without Integrity Check (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T16:52:14.663Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1294, - "fields": { - "content_type": 58, - "object_pk": "77", - "object_id": 77, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.679Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1295, - "fields": { - "content_type": 58, - "object_pk": "209", - "object_id": 209, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.694Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1296, - "fields": { - "content_type": 58, - "object_pk": "175", - "object_id": 175, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.709Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1297, - "fields": { - "content_type": 58, - "object_pk": "43", - "object_id": 43, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.725Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1298, - "fields": { - "content_type": 58, - "object_pk": "141", - "object_id": 141, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": 
null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.741Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1299, - "fields": { - "content_type": 58, - "object_pk": "9", - "object_id": 9, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.756Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1300, - "fields": { - "content_type": 58, - "object_pk": "199", - "object_id": 199, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.771Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1301, - "fields": { - "content_type": 58, - "object_pk": "67", - "object_id": 67, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.787Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1302, - "fields": { - "content_type": 58, - "object_pk": "187", - "object_id": 187, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.802Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1303, - "fields": { - 
"content_type": 58, - "object_pk": "55", - "object_id": 55, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.819Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1304, - "fields": { - "content_type": 58, - "object_pk": "62", - "object_id": 62, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.834Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1305, - "fields": { - "content_type": 58, - "object_pk": "194", - "object_id": 194, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.850Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1306, - "fields": { - "content_type": 58, - "object_pk": "200", - "object_id": 200, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.864Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1307, - "fields": { - "content_type": 58, - "object_pk": "68", - "object_id": 68, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": 
null, - "timestamp": "2025-01-17T16:52:14.879Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1308, - "fields": { - "content_type": 58, - "object_pk": "110", - "object_id": 110, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.895Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1309, - "fields": { - "content_type": 58, - "object_pk": "242", - "object_id": 242, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.910Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1310, - "fields": { - "content_type": 58, - "object_pk": "117", - "object_id": 117, - "object_repr": "Hardcoded Password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (advanced.jsp)\", \"Hardcoded Password in Connection String (advanced.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.924Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1311, - "fields": { - "content_type": 58, - "object_pk": "249", - "object_id": 249, - "object_repr": "Hardcoded Password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (advanced.jsp)\", \"Hardcoded Password in Connection String (advanced.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T16:52:14.940Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1312, - "fields": { - "content_type": 58, - "object_pk": "50", - "object_id": 50, - "object_repr": "Hardcoded Password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (basket.jsp)\", \"Hardcoded Password in Connection String (basket.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.956Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1313, - "fields": { - "content_type": 58, - "object_pk": "182", - "object_id": 182, - "object_repr": "Hardcoded Password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (basket.jsp)\", \"Hardcoded Password in Connection String (basket.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.972Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1314, - "fields": { - "content_type": 58, - "object_pk": "40", - "object_id": 40, - "object_repr": "Hardcoded Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (contact.jsp)\", \"Hardcoded Password in Connection String (contact.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:14.988Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1315, - "fields": { - "content_type": 58, - "object_pk": "172", - "object_id": 172, - "object_repr": "Hardcoded Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 1, - 
"changes": "{\"title\": [\"Hardcoded password in Connection String (contact.jsp)\", \"Hardcoded Password in Connection String (contact.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.004Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1316, - "fields": { - "content_type": 58, - "object_pk": "173", - "object_id": 173, - "object_repr": "Hardcoded Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (dbconnection.jspf)\", \"Hardcoded Password in Connection String (dbconnection.jspf)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.020Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1317, - "fields": { - "content_type": 58, - "object_pk": "41", - "object_id": 41, - "object_repr": "Hardcoded Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (dbconnection.jspf)\", \"Hardcoded Password in Connection String (dbconnection.jspf)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.036Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1318, - "fields": { - "content_type": 58, - "object_pk": "24", - "object_id": 24, - "object_repr": "Hardcoded Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (home.jsp)\", \"Hardcoded Password in Connection String (home.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.051Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1319, - "fields": { - "content_type": 58, - "object_pk": "156", - "object_id": 156, - "object_repr": "Hardcoded Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (home.jsp)\", \"Hardcoded Password in Connection String (home.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.068Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1320, - "fields": { - "content_type": 58, - "object_pk": "59", - "object_id": 59, - "object_repr": "Hardcoded Password in Connection String (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (init.jsp)\", \"Hardcoded Password in Connection String (init.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.082Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1321, - "fields": { - "content_type": 58, - "object_pk": "191", - "object_id": 191, - "object_repr": "Hardcoded Password in Connection String (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (init.jsp)\", \"Hardcoded Password in Connection String (init.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.098Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1322, - "fields": { - "content_type": 58, - "object_pk": "248", - "object_id": 248, - "object_repr": "Hardcoded Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String 
(login.jsp)\", \"Hardcoded Password in Connection String (login.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.113Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1323, - "fields": { - "content_type": 58, - "object_pk": "116", - "object_id": 116, - "object_repr": "Hardcoded Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (login.jsp)\", \"Hardcoded Password in Connection String (login.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.128Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1324, - "fields": { - "content_type": 58, - "object_pk": "34", - "object_id": 34, - "object_repr": "Hardcoded Password in Connection String (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (password.jsp)\", \"Hardcoded Password in Connection String (password.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.144Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1325, - "fields": { - "content_type": 58, - "object_pk": "166", - "object_id": 166, - "object_repr": "Hardcoded Password in Connection String (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (password.jsp)\", \"Hardcoded Password in Connection String (password.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.159Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1326, - "fields": { - 
"content_type": 58, - "object_pk": "148", - "object_id": 148, - "object_repr": "Hardcoded Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (product.jsp)\", \"Hardcoded Password in Connection String (product.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.174Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1327, - "fields": { - "content_type": 58, - "object_pk": "16", - "object_id": 16, - "object_repr": "Hardcoded Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (product.jsp)\", \"Hardcoded Password in Connection String (product.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.190Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1328, - "fields": { - "content_type": 58, - "object_pk": "81", - "object_id": 81, - "object_repr": "Hardcoded Password in Connection String (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (search.jsp)\", \"Hardcoded Password in Connection String (search.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.206Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1329, - "fields": { - "content_type": 58, - "object_pk": "213", - "object_id": 213, - "object_repr": "Hardcoded Password in Connection String (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Hardcoded password in Connection String (search.jsp)\", \"Hardcoded Password in Connection String (search.jsp)\"], 
\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.222Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1330, - "fields": { - "content_type": 58, - "object_pk": "265", - "object_id": 265, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.238Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1331, - "fields": { - "content_type": 58, - "object_pk": "133", - "object_id": 133, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.254Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1332, - "fields": { - "content_type": 58, - "object_pk": "54", - "object_id": 54, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.270Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1333, - "fields": { - "content_type": 58, - "object_pk": "186", - "object_id": 186, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.284Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1334, - "fields": { - "content_type": 58, - "object_pk": "26", - "object_id": 26, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 
1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.299Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1335, - "fields": { - "content_type": 58, - "object_pk": "158", - "object_id": 158, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.314Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1336, - "fields": { - "content_type": 58, - "object_pk": "92", - "object_id": 92, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.329Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1337, - "fields": { - "content_type": 58, - "object_pk": "224", - "object_id": 224, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.344Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1338, - "fields": { - "content_type": 58, - "object_pk": "193", - "object_id": 193, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.360Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1339, - "fields": { - "content_type": 58, - "object_pk": "61", - "object_id": 61, - "object_repr": "HttpOnlyCookies (basket.jsp)", - 
"serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.375Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1340, - "fields": { - "content_type": 58, - "object_pk": "259", - "object_id": 259, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.389Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1341, - "fields": { - "content_type": 58, - "object_pk": "127", - "object_id": 127, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.405Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1342, - "fields": { - "content_type": 58, - "object_pk": "14", - "object_id": 14, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.420Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1343, - "fields": { - "content_type": 58, - "object_pk": "146", - "object_id": 146, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.435Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1344, - "fields": { - "content_type": 58, - "object_pk": "98", - "object_id": 98, - "object_repr": 
"HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"HttpOnlyCookies In Config (web.xml)\", \"HttpOnlyCookies in Config (web.xml)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.451Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1345, - "fields": { - "content_type": 58, - "object_pk": "230", - "object_id": 230, - "object_repr": "HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"HttpOnlyCookies In Config (web.xml)\", \"HttpOnlyCookies in Config (web.xml)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.467Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1346, - "fields": { - "content_type": 58, - "object_pk": "167", - "object_id": 167, - "object_repr": "HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"HttpOnlyCookies In Config (web.xml)\", \"HttpOnlyCookies in Config (web.xml)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.482Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1347, - "fields": { - "content_type": 58, - "object_pk": "35", - "object_id": 35, - "object_repr": "HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"HttpOnlyCookies In Config (web.xml)\", \"HttpOnlyCookies in Config (web.xml)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.498Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1348, - "fields": { - "content_type": 58, - "object_pk": "56", - 
"object_id": 56, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.514Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1349, - "fields": { - "content_type": 58, - "object_pk": "188", - "object_id": 188, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.529Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1350, - "fields": { - "content_type": 58, - "object_pk": "247", - "object_id": 247, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.544Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1351, - "fields": { - "content_type": 58, - "object_pk": "115", - "object_id": 115, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.560Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1352, - "fields": { - "content_type": 58, - "object_pk": "28", - "object_id": 28, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1353, - 
"fields": { - "content_type": 58, - "object_pk": "160", - "object_id": 160, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.591Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1354, - "fields": { - "content_type": 58, - "object_pk": "274", - "object_id": 274, - "object_repr": "Use of Cryptographically Weak PRNG (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.608Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1355, - "fields": { - "content_type": 58, - "object_pk": "159", - "object_id": 159, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.622Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1356, - "fields": { - "content_type": 58, - "object_pk": "27", - "object_id": 27, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.638Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1357, - "fields": { - "content_type": 58, - "object_pk": "206", - "object_id": 206, - "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T16:52:15.653Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1358, - "fields": { - "content_type": 58, - "object_pk": "74", - "object_id": 74, - "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.668Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1359, - "fields": { - "content_type": 58, - "object_pk": "99", - "object_id": 99, - "object_repr": "Use of Hard Coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Use of Hard coded Cryptographic Key (AES.java)\", \"Use of Hard Coded Cryptographic Key (AES.java)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.684Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1360, - "fields": { - "content_type": 58, - "object_pk": "231", - "object_id": 231, - "object_repr": "Use of Hard Coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Use of Hard coded Cryptographic Key (AES.java)\", \"Use of Hard Coded Cryptographic Key (AES.java)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.700Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1361, - "fields": { - "content_type": 58, - "object_pk": "88", - "object_id": 88, - "object_repr": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\", \"Use of Hard Coded Cryptographic Key (AdvancedSearch.java)\"], \"sla_expiration_date\": [\"None\", 
\"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.716Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1362, - "fields": { - "content_type": 58, - "object_pk": "220", - "object_id": 220, - "object_repr": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\", \"Use of Hard Coded Cryptographic Key (AdvancedSearch.java)\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.731Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1363, - "fields": { - "content_type": 58, - "object_pk": "257", - "object_id": 257, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.746Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1364, - "fields": { - "content_type": 58, - "object_pk": "125", - "object_id": 125, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.761Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1365, - "fields": { - "content_type": 58, - "object_pk": "277", - "object_id": 277, - "object_repr": "Use of Insufficiently Random Values (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.776Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1366, - "fields": { - "content_type": 58, - "object_pk": "83", - "object_id": 83, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.792Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1367, - "fields": { - "content_type": 58, - "object_pk": "215", - "object_id": 215, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.807Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1368, - "fields": { - "content_type": 58, - "object_pk": "269", - "object_id": 269, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.823Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1369, - "fields": { - "content_type": 58, - "object_pk": "137", - "object_id": 137, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-02-15\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.840Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1370, - "fields": { - "content_type": 58, - "object_pk": "323", - "object_id": 323, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-17T16:52:15.856Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1371, - "fields": { - "content_type": 58, - "object_pk": "332", - "object_id": 332, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.872Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1372, - "fields": { - "content_type": 58, - "object_pk": "321", - "object_id": 321, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.887Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1373, - "fields": { - "content_type": 58, - "object_pk": "326", - "object_id": 326, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.902Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1374, - "fields": { - "content_type": 58, - "object_pk": "327", - "object_id": 327, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.918Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1375, - "fields": { - "content_type": 58, - "object_pk": "317", - "object_id": 317, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.933Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1376, - "fields": { - "content_type": 58, - "object_pk": "313", - "object_id": 313, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.949Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1377, - "fields": { - "content_type": 58, - "object_pk": "320", - "object_id": 320, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.964Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1378, - "fields": { - "content_type": 58, - "object_pk": "312", - "object_id": 312, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.980Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1379, - "fields": { - "content_type": 58, - "object_pk": "316", - "object_id": 316, - 
"object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:15.996Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1380, - "fields": { - "content_type": 58, - "object_pk": "331", - "object_id": 331, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.011Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1381, - "fields": { - "content_type": 58, - "object_pk": "336", - "object_id": 336, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.028Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1382, - "fields": { - "content_type": 58, - "object_pk": "322", - "object_id": 322, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.046Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1383, - "fields": { - "content_type": 58, - "object_pk": "335", - "object_id": 335, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors 
unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.063Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1384, - "fields": { - "content_type": 58, - "object_pk": "334", - "object_id": 334, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Errors unhandled.-G104\", \"Errors Unhandled.-G104\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.079Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1385, - "fields": { - "content_type": 58, - "object_pk": "300", - "object_id": 300, - "object_repr": "Password Field With Autocomplete Enabled", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Password field with autocomplete enabled\", \"Password Field With Autocomplete Enabled\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.094Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1386, - "fields": { - "content_type": 58, - "object_pk": "338", - "object_id": 338, - "object_repr": "Password Field With Autocomplete Enabled", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Password field with autocomplete enabled\", \"Password Field With Autocomplete Enabled\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.110Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1387, - "fields": { - "content_type": 58, - "object_pk": "284", - "object_id": 284, - "object_repr": "URL Request Gets Path From Variable", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"URL Request 
Gets Path from Variable\", \"URL Request Gets Path From Variable\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.125Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1388, - "fields": { - "content_type": 58, - "object_pk": "295", - "object_id": 295, - "object_repr": "URL Request Gets Path From Variable", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"URL Request Gets Path from Variable\", \"URL Request Gets Path From Variable\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.140Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1389, - "fields": { - "content_type": 58, - "object_pk": "292", - "object_id": 292, - "object_repr": "URL Request Gets Path From Variable", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"URL Request Gets Path from Variable\", \"URL Request Gets Path From Variable\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.156Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1390, - "fields": { - "content_type": 58, - "object_pk": "303", - "object_id": 303, - "object_repr": "Unencrypted Communications", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Unencrypted communications\", \"Unencrypted Communications\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.171Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1391, - "fields": { - "content_type": 58, - "object_pk": "341", - "object_id": 341, - "object_repr": "Unencrypted Communications", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Unencrypted 
communications\", \"Unencrypted Communications\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.187Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1392, - "fields": { - "content_type": 58, - "object_pk": "229", - "object_id": 229, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.203Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1393, - "fields": { - "content_type": 58, - "object_pk": "97", - "object_id": 97, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.220Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1394, - "fields": { - "content_type": 58, - "object_pk": "79", - "object_id": 79, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.238Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1395, - "fields": { - "content_type": 58, - "object_pk": "211", - "object_id": 211, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.254Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1396, - "fields": { - "content_type": 58, - "object_pk": "157", - "object_id": 157, - 
"object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.269Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1397, - "fields": { - "content_type": 58, - "object_pk": "25", - "object_id": 25, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.284Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1398, - "fields": { - "content_type": 58, - "object_pk": "240", - "object_id": 240, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.300Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1399, - "fields": { - "content_type": 58, - "object_pk": "108", - "object_id": 108, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.316Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1400, - "fields": { - "content_type": 58, - "object_pk": "80", - "object_id": 80, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.332Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1401, - "fields": { - 
"content_type": 58, - "object_pk": "212", - "object_id": 212, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.349Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1402, - "fields": { - "content_type": 58, - "object_pk": "149", - "object_id": 149, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.364Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1403, - "fields": { - "content_type": 58, - "object_pk": "17", - "object_id": 17, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.379Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1404, - "fields": { - "content_type": 58, - "object_pk": "22", - "object_id": 22, - "object_repr": "Collapse of Data Into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Collapse of Data into Unsafe Value (contact.jsp)\", \"Collapse of Data Into Unsafe Value (contact.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.394Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1405, - "fields": { - "content_type": 58, - "object_pk": "154", - "object_id": 154, - "object_repr": "Collapse of Data Into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": 
[\"Collapse of Data into Unsafe Value (contact.jsp)\", \"Collapse of Data Into Unsafe Value (contact.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.410Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1406, - "fields": { - "content_type": 58, - "object_pk": "178", - "object_id": 178, - "object_repr": "Empty Password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (advanced.jsp)\", \"Empty Password in Connection String (advanced.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.425Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1407, - "fields": { - "content_type": 58, - "object_pk": "46", - "object_id": 46, - "object_repr": "Empty Password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (advanced.jsp)\", \"Empty Password in Connection String (advanced.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.441Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1408, - "fields": { - "content_type": 58, - "object_pk": "267", - "object_id": 267, - "object_repr": "Empty Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (contact.jsp)\", \"Empty Password in Connection String (contact.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.456Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1409, - "fields": { - 
"content_type": 58, - "object_pk": "135", - "object_id": 135, - "object_repr": "Empty Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (contact.jsp)\", \"Empty Password in Connection String (contact.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.471Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1410, - "fields": { - "content_type": 58, - "object_pk": "190", - "object_id": 190, - "object_repr": "Empty Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (dbconnection.jspf)\", \"Empty Password in Connection String (dbconnection.jspf)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.487Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1411, - "fields": { - "content_type": 58, - "object_pk": "58", - "object_id": 58, - "object_repr": "Empty Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (dbconnection.jspf)\", \"Empty Password in Connection String (dbconnection.jspf)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.504Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1412, - "fields": { - "content_type": 58, - "object_pk": "71", - "object_id": 71, - "object_repr": "Empty Password in Connection String (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (header.jsp)\", \"Empty Password in Connection String (header.jsp)\"], 
\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.520Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1413, - "fields": { - "content_type": 58, - "object_pk": "203", - "object_id": 203, - "object_repr": "Empty Password in Connection String (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (header.jsp)\", \"Empty Password in Connection String (header.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.534Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1414, - "fields": { - "content_type": 58, - "object_pk": "64", - "object_id": 64, - "object_repr": "Empty Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (home.jsp)\", \"Empty Password in Connection String (home.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.550Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1415, - "fields": { - "content_type": 58, - "object_pk": "196", - "object_id": 196, - "object_repr": "Empty Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (home.jsp)\", \"Empty Password in Connection String (home.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.566Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1416, - "fields": { - "content_type": 58, - "object_pk": "53", - "object_id": 53, - "object_repr": "Empty Password in Connection String (init.jsp)", - 
"serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (init.jsp)\", \"Empty Password in Connection String (init.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.581Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1417, - "fields": { - "content_type": 58, - "object_pk": "185", - "object_id": 185, - "object_repr": "Empty Password in Connection String (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (init.jsp)\", \"Empty Password in Connection String (init.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.596Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1418, - "fields": { - "content_type": 58, - "object_pk": "123", - "object_id": 123, - "object_repr": "Empty Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (login.jsp)\", \"Empty Password in Connection String (login.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.611Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1419, - "fields": { - "content_type": 58, - "object_pk": "255", - "object_id": 255, - "object_repr": "Empty Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (login.jsp)\", \"Empty Password in Connection String (login.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.627Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1420, - "fields": { - "content_type": 58, - "object_pk": "31", - "object_id": 31, - "object_repr": "Empty Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (product.jsp)\", \"Empty Password in Connection String (product.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.641Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1421, - "fields": { - "content_type": 58, - "object_pk": "163", - "object_id": 163, - "object_repr": "Empty Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (product.jsp)\", \"Empty Password in Connection String (product.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.657Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1422, - "fields": { - "content_type": 58, - "object_pk": "42", - "object_id": 42, - "object_repr": "Empty Password in Connection String (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (register.jsp)\", \"Empty Password in Connection String (register.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.673Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1423, - "fields": { - "content_type": 58, - "object_pk": "174", - "object_id": 174, - "object_repr": "Empty Password in Connection String (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (register.jsp)\", \"Empty Password in Connection String 
(register.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.689Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1424, - "fields": { - "content_type": 58, - "object_pk": "120", - "object_id": 120, - "object_repr": "Empty Password in Connection String (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (score.jsp)\", \"Empty Password in Connection String (score.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.705Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1425, - "fields": { - "content_type": 58, - "object_pk": "252", - "object_id": 252, - "object_repr": "Empty Password in Connection String (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (score.jsp)\", \"Empty Password in Connection String (score.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.720Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1426, - "fields": { - "content_type": 58, - "object_pk": "244", - "object_id": 244, - "object_repr": "Empty Password in Connection String (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (search.jsp)\", \"Empty Password in Connection String (search.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.736Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1427, - "fields": { - "content_type": 58, - "object_pk": "112", - "object_id": 112, - "object_repr": "Empty Password in Connection 
String (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Empty Password In Connection String (search.jsp)\", \"Empty Password in Connection String (search.jsp)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.752Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1428, - "fields": { - "content_type": 58, - "object_pk": "204", - "object_id": 204, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.767Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1429, - "fields": { - "content_type": 58, - "object_pk": "72", - "object_id": 72, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.783Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1430, - "fields": { - "content_type": 58, - "object_pk": "273", - "object_id": 273, - "object_repr": "Improper Resource Access Authorization (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.799Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1431, - "fields": { - "content_type": 58, - "object_pk": "201", - "object_id": 201, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-17T16:52:16.814Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1432, - "fields": { - "content_type": 58, - "object_pk": "69", - "object_id": 69, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.829Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1433, - "fields": { - "content_type": 58, - "object_pk": "119", - "object_id": 119, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.846Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1434, - "fields": { - "content_type": 58, - "object_pk": "251", - "object_id": 251, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.860Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1435, - "fields": { - "content_type": 58, - "object_pk": "237", - "object_id": 237, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.875Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1436, - "fields": { - "content_type": 58, - "object_pk": "105", - "object_id": 105, - "object_repr": "Improper Resource Access Authorization 
(home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.890Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1437, - "fields": { - "content_type": 58, - "object_pk": "95", - "object_id": 95, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.905Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1438, - "fields": { - "content_type": 58, - "object_pk": "227", - "object_id": 227, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.921Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1439, - "fields": { - "content_type": 58, - "object_pk": "250", - "object_id": 250, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.937Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1440, - "fields": { - "content_type": 58, - "object_pk": "118", - "object_id": 118, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.956Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1441, - 
"fields": { - "content_type": 58, - "object_pk": "32", - "object_id": 32, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.976Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1442, - "fields": { - "content_type": 58, - "object_pk": "164", - "object_id": 164, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:16.992Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1443, - "fields": { - "content_type": 58, - "object_pk": "198", - "object_id": 198, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.008Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1444, - "fields": { - "content_type": 58, - "object_pk": "66", - "object_id": 66, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.023Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1445, - "fields": { - "content_type": 58, - "object_pk": "271", - "object_id": 271, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-17T16:52:17.040Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1446, - "fields": { - "content_type": 58, - "object_pk": "139", - "object_id": 139, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.055Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1447, - "fields": { - "content_type": 58, - "object_pk": "246", - "object_id": 246, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.072Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1448, - "fields": { - "content_type": 58, - "object_pk": "114", - "object_id": 114, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.089Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1449, - "fields": { - "content_type": 58, - "object_pk": "104", - "object_id": 104, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.106Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1450, - "fields": { - "content_type": 58, - "object_pk": "236", - "object_id": 236, - "object_repr": "Improper Resource Access Authorization 
(search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.121Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1451, - "fields": { - "content_type": 58, - "object_pk": "36", - "object_id": 36, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.137Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1452, - "fields": { - "content_type": 58, - "object_pk": "168", - "object_id": 168, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.151Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1453, - "fields": { - "content_type": 58, - "object_pk": "106", - "object_id": 106, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.166Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1454, - "fields": { - "content_type": 58, - "object_pk": "238", - "object_id": 238, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.183Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1455, - "fields": { - "content_type": 58, - "object_pk": "245", - "object_id": 245, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.199Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1456, - "fields": { - "content_type": 58, - "object_pk": "132", - "object_id": 132, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.216Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1457, - "fields": { - "content_type": 58, - "object_pk": "210", - "object_id": 210, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.232Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1458, - "fields": { - "content_type": 58, - "object_pk": "113", - "object_id": 113, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.248Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1459, - "fields": { - "content_type": 58, - "object_pk": "78", - "object_id": 78, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", 
\"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.264Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1460, - "fields": { - "content_type": 58, - "object_pk": "264", - "object_id": 264, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.280Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1461, - "fields": { - "content_type": 58, - "object_pk": "275", - "object_id": 275, - "object_repr": "Improper Resource Shutdown or Release (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.296Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1462, - "fields": { - "content_type": 58, - "object_pk": "144", - "object_id": 144, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.313Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1463, - "fields": { - "content_type": 58, - "object_pk": "12", - "object_id": 12, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.330Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1464, - "fields": { - "content_type": 58, - "object_pk": "76", - "object_id": 76, - "object_repr": "Improper Resource 
Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.345Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1465, - "fields": { - "content_type": 58, - "object_pk": "208", - "object_id": 208, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.361Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1466, - "fields": { - "content_type": 58, - "object_pk": "253", - "object_id": 253, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.378Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1467, - "fields": { - "content_type": 58, - "object_pk": "121", - "object_id": 121, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.396Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1468, - "fields": { - "content_type": 58, - "object_pk": "122", - "object_id": 122, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.412Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1469, - "fields": { - "content_type": 58, - "object_pk": "254", - "object_id": 254, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.427Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1470, - "fields": { - "content_type": 58, - "object_pk": "232", - "object_id": 232, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.443Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1471, - "fields": { - "content_type": 58, - "object_pk": "100", - "object_id": 100, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.460Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1472, - "fields": { - "content_type": 58, - "object_pk": "93", - "object_id": 93, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.476Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1473, - "fields": { - "content_type": 58, - "object_pk": "225", - "object_id": 225, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", 
\"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.491Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1474, - "fields": { - "content_type": 58, - "object_pk": "143", - "object_id": 143, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.509Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1475, - "fields": { - "content_type": 58, - "object_pk": "11", - "object_id": 11, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.525Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1476, - "fields": { - "content_type": 58, - "object_pk": "29", - "object_id": 29, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.540Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1477, - "fields": { - "content_type": 58, - "object_pk": "161", - "object_id": 161, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.556Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1478, - "fields": { - "content_type": 58, - "object_pk": "235", - 
"object_id": 235, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.571Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1479, - "fields": { - "content_type": 58, - "object_pk": "103", - "object_id": 103, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.587Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1480, - "fields": { - "content_type": 58, - "object_pk": "49", - "object_id": 49, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.603Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1481, - "fields": { - "content_type": 58, - "object_pk": "181", - "object_id": 181, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.620Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1482, - "fields": { - "content_type": 58, - "object_pk": "129", - "object_id": 129, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T16:52:17.637Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1483, - "fields": { - "content_type": 58, - "object_pk": "261", - "object_id": 261, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.652Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1484, - "fields": { - "content_type": 58, - "object_pk": "176", - "object_id": 176, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.668Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1485, - "fields": { - "content_type": 58, - "object_pk": "44", - "object_id": 44, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1486, - "fields": { - "content_type": 58, - "object_pk": "256", - "object_id": 256, - "object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.700Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1487, - "fields": { - "content_type": 58, - "object_pk": "124", - "object_id": 124, - "object_repr": "Information Exposure Through an Error Message 
(login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.717Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1488, - "fields": { - "content_type": 58, - "object_pk": "136", - "object_id": 136, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.732Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1489, - "fields": { - "content_type": 58, - "object_pk": "268", - "object_id": 268, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.747Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1490, - "fields": { - "content_type": 58, - "object_pk": "94", - "object_id": 94, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.763Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1491, - "fields": { - "content_type": 58, - "object_pk": "226", - "object_id": 226, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.778Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 1492, - "fields": { - "content_type": 58, - "object_pk": "219", - "object_id": 219, - "object_repr": "Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.793Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1493, - "fields": { - "content_type": 58, - "object_pk": "87", - "object_id": 87, - "object_repr": "Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.809Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1494, - "fields": { - "content_type": 58, - "object_pk": "107", - "object_id": 107, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.824Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1495, - "fields": { - "content_type": 58, - "object_pk": "239", - "object_id": 239, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.840Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1496, - "fields": { - "content_type": 58, - "object_pk": "84", - "object_id": 84, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": 
[\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.856Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1497, - "fields": { - "content_type": 58, - "object_pk": "142", - "object_id": 142, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.871Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1498, - "fields": { - "content_type": 58, - "object_pk": "216", - "object_id": 216, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.887Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1499, - "fields": { - "content_type": 58, - "object_pk": "10", - "object_id": 10, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.902Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1500, - "fields": { - "content_type": 58, - "object_pk": "153", - "object_id": 153, - "object_repr": "Not Using a Random IV With CBC Mode (AES.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Not Using a Random IV with CBC Mode (AES.java)\", \"Not Using a Random IV With CBC Mode (AES.java)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.917Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1501, - "fields": { - "content_type": 58, 
- "object_pk": "21", - "object_id": 21, - "object_repr": "Not Using a Random IV With CBC Mode (AES.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Not Using a Random IV with CBC Mode (AES.java)\", \"Not Using a Random IV With CBC Mode (AES.java)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.932Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1502, - "fields": { - "content_type": 58, - "object_pk": "180", - "object_id": 180, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.947Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1503, - "fields": { - "content_type": 58, - "object_pk": "48", - "object_id": 48, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.962Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1504, - "fields": { - "content_type": 58, - "object_pk": "70", - "object_id": 70, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.978Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1505, - "fields": { - "content_type": 58, - "object_pk": "202", - "object_id": 202, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", 
\"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:17.993Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1506, - "fields": { - "content_type": 58, - "object_pk": "130", - "object_id": 130, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.009Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1507, - "fields": { - "content_type": 58, - "object_pk": "262", - "object_id": 262, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.024Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1508, - "fields": { - "content_type": 58, - "object_pk": "30", - "object_id": 30, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.039Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1509, - "fields": { - "content_type": 58, - "object_pk": "162", - "object_id": 162, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.054Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1510, - "fields": { - "content_type": 58, - "object_pk": "109", - "object_id": 109, - "object_repr": "Reliance on Cookies in a Decision 
(login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.071Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1511, - "fields": { - "content_type": 58, - "object_pk": "241", - "object_id": 241, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.086Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1512, - "fields": { - "content_type": 58, - "object_pk": "221", - "object_id": 221, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.101Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1513, - "fields": { - "content_type": 58, - "object_pk": "89", - "object_id": 89, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.117Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1514, - "fields": { - "content_type": 58, - "object_pk": "218", - "object_id": 218, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.133Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - 
"pk": 1515, - "fields": { - "content_type": 58, - "object_pk": "86", - "object_id": 86, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.148Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1516, - "fields": { - "content_type": 58, - "object_pk": "37", - "object_id": 37, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.163Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1517, - "fields": { - "content_type": 58, - "object_pk": "169", - "object_id": 169, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.180Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1518, - "fields": { - "content_type": 58, - "object_pk": "128", - "object_id": 128, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.195Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1519, - "fields": { - "content_type": 58, - "object_pk": "260", - "object_id": 260, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, 
- "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.210Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1520, - "fields": { - "content_type": 58, - "object_pk": "23", - "object_id": 23, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.226Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1521, - "fields": { - "content_type": 58, - "object_pk": "155", - "object_id": 155, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.242Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1522, - "fields": { - "content_type": 58, - "object_pk": "205", - "object_id": 205, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.257Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1523, - "fields": { - "content_type": 58, - "object_pk": "73", - "object_id": 73, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.273Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1524, - "fields": { - "content_type": 58, - "object_pk": "171", - "object_id": 171, - "object_repr": "Suspected XSS 
(password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.289Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1525, - "fields": { - "content_type": 58, - "object_pk": "39", - "object_id": 39, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 1, - "changes": "{\"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.305Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1526, - "fields": { - "content_type": 58, - "object_pk": "243", - "object_id": 243, - "object_repr": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Unsynchronized Access To Shared Data (AdvancedSearch.java)\", \"Unsynchronized Access to Shared Data (AdvancedSearch.java)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.320Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1527, - "fields": { - "content_type": 58, - "object_pk": "111", - "object_id": 111, - "object_repr": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Unsynchronized Access To Shared Data (AdvancedSearch.java)\", \"Unsynchronized Access to Shared Data (AdvancedSearch.java)\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.336Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1528, - "fields": { - "content_type": 58, - "object_pk": "306", - "object_id": 306, - "object_repr": "Cross-Site Request Forgery", - "serialized_data": 
null, - "action": 1, - "changes": "{\"title\": [\"Cross-site request forgery\", \"Cross-Site Request Forgery\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.542Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1529, - "fields": { - "content_type": 58, - "object_pk": "344", - "object_id": 344, - "object_repr": "Cross-Site Request Forgery", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Cross-site request forgery\", \"Cross-Site Request Forgery\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.558Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1530, - "fields": { - "content_type": 58, - "object_pk": "343", - "object_id": 343, - "object_repr": "Email Addresses Disclosed", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Email addresses disclosed\", \"Email Addresses Disclosed\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.573Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1531, - "fields": { - "content_type": 58, - "object_pk": "305", - "object_id": 305, - "object_repr": "Email Addresses Disclosed", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Email addresses disclosed\", \"Email Addresses Disclosed\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.589Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1532, - "fields": { - "content_type": 58, - "object_pk": "301", - "object_id": 301, - "object_repr": "Frameable Response (Potential Clickjacking)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Frameable response (potential Clickjacking)\", \"Frameable Response (Potential Clickjacking)\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.604Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 1533, - "fields": { - "content_type": 58, - "object_pk": "339", - "object_id": 339, - "object_repr": "Frameable Response (Potential Clickjacking)", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Frameable response (potential Clickjacking)\", \"Frameable Response (Potential Clickjacking)\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.621Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1534, - "fields": { - "content_type": 58, - "object_pk": "308", - "object_id": 308, - "object_repr": "Path-Relative Style Sheet Import", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Path-relative style sheet import\", \"Path-Relative Style Sheet Import\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.638Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1535, - "fields": { - "content_type": 58, - "object_pk": "346", - "object_id": 346, - "object_repr": "Path-Relative Style Sheet Import", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"Path-relative style sheet import\", \"Path-Relative Style Sheet Import\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.656Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1536, - "fields": { - "content_type": 58, - "object_pk": "279", - "object_id": 279, - "object_repr": "Test", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"test\", \"Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.674Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1537, - "fields": { - "content_type": 58, - "object_pk": "2", - "object_id": 2, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 1, - "changes": "{\"title\": [\"High Impact test finding\", \"High Impact 
Test Finding\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"numerical_severity\": [\"S4\", \"S1\"], \"static_finding\": [\"False\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T16:52:18.690Z", - "additional_data": null - } -}, -{ - "model": "dojo.regulation", - "pk": 1, - "fields": { - "name": "Payment Card Industry Data Security Standard", - "acronym": "PCI DSS", - "category": "finance", - "jurisdiction": "United States", - "description": "The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.", - "reference": "http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard" - } -}, -{ - "model": "dojo.regulation", - "pk": 2, - "fields": { - "name": "Health Insurance Portability and Accountability Act", - "acronym": "HIPAA", - "category": "medical", - "jurisdiction": "United States", - "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. 
Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", - "reference": "http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act" - } -}, -{ - "model": "dojo.regulation", - "pk": 3, - "fields": { - "name": "Family Educational Rights and Privacy Act", - "acronym": "FERPA", - "category": "education", - "jurisdiction": "United States", - "description": "The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records after that student is 18 years old. The law applies only to educational agencies and institutions that receive funding under a program administered by the U.S. Department of Education. Other regulations under this act, effective starting January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate student IDs and e-mail addresses.", - "reference": "http://en.wikipedia.org/wiki/Family_Educational_Rights_and_Privacy_Act" - } -}, -{ - "model": "dojo.regulation", - "pk": 4, - "fields": { - "name": "Sarbanes–Oxley Act", - "acronym": "SOX", - "category": "finance", - "jurisdiction": "United States", - "description": "The Sarbanes–Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. 
There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", - "reference": "http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" - } -}, -{ - "model": "dojo.regulation", - "pk": 5, - "fields": { - "name": "Gramm–Leach–Bliley Act", - "acronym": "GLBA", - "category": "finance", - "jurisdiction": "United States", - "description": "The Gramm–Leach–Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", - "reference": "http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act" - } -}, -{ - "model": "dojo.regulation", - "pk": 6, - "fields": { - "name": "Personal Information Protection and Electronic Documents Act", - "acronym": "PIPEDA", - "category": "privacy", - "jurisdiction": "Canada", - "description": "The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. 
The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.", - "reference": "http://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act" - } -}, -{ - "model": "dojo.regulation", - "pk": 7, - "fields": { - "name": "Data Protection Act 1998", - "acronym": "DPA", - "category": "privacy", - "jurisdiction": "United Kingdom", - "description": "The Data Protection Act 1998 (DPA) is an Act of Parliament of the United Kingdom of Great Britain and Northern Ireland which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring British law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.", - "reference": "http://en.wikipedia.org/wiki/Data_Protection_Act_1998" - } -}, -{ - "model": "dojo.regulation", - "pk": 8, - "fields": { - "name": "Children's Online Privacy Protection Act", - "acronym": "COPPA", - "category": "privacy", - "jurisdiction": "United States", - "description": "The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law that applies to the online collection of personal information by persons or entities under U.S. 
jurisdiction from children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13. While children under 13 can legally give out personal information with their parents' permission, many websites disallow underage children from using their services altogether due to the amount of cash and work involved in the law compliance.", - "reference": "http://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act" - } -}, -{ - "model": "dojo.regulation", - "pk": 9, - "fields": { - "name": "California Security Breach Information Act", - "acronym": "CA SB-1386", - "category": "privacy", - "jurisdiction": "United States, California", - "description": "In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information. The Act, which went into effect July 1, 2003, was created to help stem the increasing incidence of identity theft.", - "reference": "http://en.wikipedia.org/wiki/California_S.B._1386" - } -}, -{ - "model": "dojo.regulation", - "pk": 10, - "fields": { - "name": "California Online Privacy Protection Act", - "acronym": "OPPA", - "category": "privacy", - "jurisdiction": "United States, California", - "description": "The California Online Privacy Protection Act of 2003 (OPPA), effective as of July 1, 2004, is a California State Law. 
According to this law, operators of commercial websites that collect Personally identifiable information from California's residents are required to conspicuously post and comply with a privacy policy that meets certain requirements.", - "reference": "http://en.wikipedia.org/wiki/Online_Privacy_Protection_Act" - } -}, -{ - "model": "dojo.regulation", - "pk": 11, - "fields": { - "name": "Data Protection Directive", - "acronym": "Directive 95/46/EC", - "category": "privacy", - "jurisdiction": "European Union", - "description": "The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive adopted in 1995 which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law.", - "reference": "http://en.wikipedia.org/wiki/Data_Protection_Directive" - } -}, -{ - "model": "dojo.regulation", - "pk": 12, - "fields": { - "name": "Directive on Privacy and Electronic Communications", - "acronym": "Directive 2002/58/EC", - "category": "privacy", - "jurisdiction": "European Union", - "description": "Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. 
This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.", - "reference": "http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications" - } -}, -{ - "model": "dojo.regulation", - "pk": 13, - "fields": { - "name": "General Data Protection Regulation", - "acronym": "GDPR", - "category": "privacy", - "jurisdiction": "EU & EU Data Extra-Territorial Applicability", - "description": "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.\r\n\r\nSuperseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. 
The data owner has the right to revoke this permission at any time.", - "reference": "https://www.eugdpr.org/" - } -}, -{ - "model": "dojo.usercontactinfo", - "pk": 1, - "fields": { - "user": 1, - "title": null, - "phone_number": "", - "cell_number": "", - "twitter_username": null, - "github_username": null, - "slack_username": null, - "slack_user_id": null, - "block_execution": false, - "force_password_reset": false - } -}, -{ - "model": "dojo.usercontactinfo", - "pk": 2, - "fields": { - "user": 2, - "title": null, - "phone_number": "", - "cell_number": "", - "twitter_username": null, - "github_username": null, - "slack_username": null, - "slack_user_id": null, - "block_execution": false, - "force_password_reset": false - } -}, -{ - "model": "dojo.usercontactinfo", - "pk": 3, - "fields": { - "user": 3, - "title": null, - "phone_number": "", - "cell_number": "", - "twitter_username": null, - "github_username": null, - "slack_username": null, - "slack_user_id": null, - "block_execution": false, - "force_password_reset": false - } -}, -{ - "model": "dojo.role", - "pk": 1, - "fields": { - "name": "API_Importer", - "is_owner": false - } -}, -{ - "model": "dojo.role", - "pk": 2, - "fields": { - "name": "Writer", - "is_owner": false - } -}, -{ - "model": "dojo.role", - "pk": 3, - "fields": { - "name": "Maintainer", - "is_owner": false - } -}, -{ - "model": "dojo.role", - "pk": 4, - "fields": { - "name": "Owner", - "is_owner": true - } -}, -{ - "model": "dojo.role", - "pk": 5, - "fields": { - "name": "Reader", - "is_owner": false - } -}, -{ - "model": "dojo.system_settings", - "pk": 1, - "fields": { - "enable_deduplication": false, - "delete_duplicates": false, - "max_dupes": null, - "email_from": "no-reply@example.com", - "enable_jira": false, - "enable_jira_web_hook": false, - "disable_jira_webhook_secret": false, - "jira_webhook_secret": null, - "jira_minimum_severity": null, - "jira_labels": null, - "add_vulnerability_id_to_jira_label": false, - "enable_github": 
false, - "enable_slack_notifications": false, - "slack_channel": "", - "slack_token": "", - "slack_username": "", - "enable_msteams_notifications": false, - "msteams_url": "", - "enable_mail_notifications": false, - "mail_notifications_to": "", - "enable_webhooks_notifications": false, - "webhooks_notifications_timeout": 10, - "enforce_verified_status": true, - "enforce_verified_status_jira": true, - "enforce_verified_status_product_grading": true, - "enforce_verified_status_metrics": true, - "false_positive_history": false, - "retroactive_false_positive_history": false, - "url_prefix": "", - "team_name": "", - "time_zone": "UTC", - "enable_product_grade": true, - "product_grade": "def grade_product(crit, high, med, low):\r\n health=100\r\n if crit > 0:\r\n health = 40\r\n health = health - ((crit - 1) * 5)\r\n if high > 0:\r\n if health == 100:\r\n health = 60\r\n health = health - ((high - 1) * 3)\r\n if med > 0:\r\n if health == 100:\r\n health = 80\r\n health = health - ((med - 1) * 2)\r\n if low > 0:\r\n if health == 100:\r\n health = 95\r\n health = health - low\r\n\r\n if health < 5:\r\n health = 5\r\n\r\n return health", - "product_grade_a": 90, - "product_grade_b": 80, - "product_grade_c": 70, - "product_grade_d": 60, - "product_grade_f": 59, - "enable_product_tag_inheritance": false, - "enable_benchmark": true, - "enable_template_match": false, - "enable_similar_findings": true, - "engagement_auto_close": false, - "engagement_auto_close_days": 3, - "enable_finding_sla": true, - "enable_notify_sla_active": false, - "enable_notify_sla_active_verified": false, - "enable_notify_sla_jira_only": false, - "enable_notify_sla_exponential_backoff": false, - "allow_anonymous_survey_repsonse": false, - "credentials": "", - "disclaimer": "", - "risk_acceptance_form_default_days": 180, - "risk_acceptance_notify_before_expiration": 10, - "enable_credentials": true, - "enable_questionnaires": true, - "enable_checklists": true, - "enable_endpoint_metadata_import": true, - 
"enable_user_profile_editable": true, - "enable_product_tracking_files": true, - "enable_finding_groups": true, - "enable_ui_table_based_searching": true, - "enable_calendar": true, - "default_group": null, - "default_group_role": null, - "default_group_email_pattern": "", - "minimum_password_length": 9, - "maximum_password_length": 48, - "number_character_required": true, - "special_character_required": true, - "lowercase_character_required": true, - "uppercase_character_required": true, - "non_common_password_required": true, - "api_expose_error_details": false, - "filter_string_matching": false - } -}, -{ - "model": "dojo.product_type", - "pk": 1, - "fields": { - "name": "Research and Development", - "description": null, - "critical_product": false, - "key_product": false, - "updated": null, - "created": null - } -}, -{ - "model": "dojo.product_type", - "pk": 2, - "fields": { - "name": "Commerce", - "description": null, - "critical_product": true, - "key_product": false, - "updated": "2021-11-04T09:27:38.846Z", - "created": null - } -}, -{ - "model": "dojo.product_type", - "pk": 3, - "fields": { - "name": "Billing", - "description": null, - "critical_product": false, - "key_product": true, - "updated": "2021-11-04T09:27:51.762Z", - "created": null - } -}, -{ - "model": "dojo.report_type", - "pk": 1, - "fields": { - "name": "Type 1" - } -}, -{ - "model": "dojo.report_type", - "pk": 2, - "fields": { - "name": "Type 2" - } -}, -{ - "model": "dojo.report_type", - "pk": 3, - "fields": { - "name": "Type 3" - } -}, -{ - "model": "dojo.test_type", - "pk": 1, - "fields": { - "name": "API Test", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 2, - "fields": { - "name": "Static Check", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 3, - "fields": { - "name": "Pen Test", - 
"static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 4, - "fields": { - "name": "Nessus Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 5, - "fields": { - "name": "Web Application Test", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 6, - "fields": { - "name": "Security Research", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 7, - "fields": { - "name": "Threat Modeling", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 8, - "fields": { - "name": "Veracode Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 9, - "fields": { - "name": "Burp Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 10, - "fields": { - "name": "Nexpose Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 11, - "fields": { - "name": "ZAP Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 12, - "fields": { - "name": "Checkmarx Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 13, - "fields": { - "name": "OpenVAS CSV", - "static_tool": false, - "dynamic_tool": false, - "active": true, - 
"dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 14, - "fields": { - "name": "Bandit Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 15, - "fields": { - "name": "SSL Labs Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 16, - "fields": { - "name": "AppSpider Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 17, - "fields": { - "name": "Dependency Check Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 18, - "fields": { - "name": "Generic Findings Import", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 19, - "fields": { - "name": "Nmap Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 20, - "fields": { - "name": "Node Security Platform Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 21, - "fields": { - "name": "Qualys Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 22, - "fields": { - "name": "Qualys Web App Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 23, - "fields": { - "name": "Retire.js Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } 
-}, -{ - "model": "dojo.test_type", - "pk": 24, - "fields": { - "name": "SKF Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 25, - "fields": { - "name": "Snyk Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 27, - "fields": { - "name": "Trustwave", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 28, - "fields": { - "name": "VCG Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 29, - "fields": { - "name": "Manual Code Review", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 30, - "fields": { - "name": "Gosec Scanner", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 31, - "fields": { - "name": "NPM Audit Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 32, - "fields": { - "name": "Clair Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 33, - "fields": { - "name": "Acunetix Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 34, - "fields": { - "name": "Acunetix360 Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 35, - "fields": { - "name": "Anchore 
Engine Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 36, - "fields": { - "name": "Anchore Enterprise Policy Check", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 37, - "fields": { - "name": "Anchore Grype", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 38, - "fields": { - "name": "Aqua Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 39, - "fields": { - "name": "Arachni Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 40, - "fields": { - "name": "AuditJS Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 41, - "fields": { - "name": "AWS Prowler Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 42, - "fields": { - "name": "AWS Scout2 Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 43, - "fields": { - "name": "AWS Security Hub Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 44, - "fields": { - "name": "Azure Security Center Recommendations Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 45, - "fields": { - "name": "Blackduck Hub 
Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 46, - "fields": { - "name": "Blackduck Component Risk", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 47, - "fields": { - "name": "Brakeman Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 48, - "fields": { - "name": "BugCrowd Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 49, - "fields": { - "name": "Bundler-Audit Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 50, - "fields": { - "name": "Burp REST API", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 51, - "fields": { - "name": "Burp Enterprise Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 52, - "fields": { - "name": "Burp GraphQL API", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 53, - "fields": { - "name": "CargoAudit Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 54, - "fields": { - "name": "CCVS Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 55, - "fields": { - "name": "Checkmarx Scan detailed", - "static_tool": false, - 
"dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 56, - "fields": { - "name": "Checkmarx OSA", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 57, - "fields": { - "name": "Checkov Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 58, - "fields": { - "name": "Rusty Hog Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 59, - "fields": { - "name": "Clair Klar Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 60, - "fields": { - "name": "Cloudsploit Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 61, - "fields": { - "name": "Cobalt.io Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 62, - "fields": { - "name": "Cobalt.io API Import", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 63, - "fields": { - "name": "Contrast Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 64, - "fields": { - "name": "Coverity API", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 65, - "fields": { - "name": "Crashtest Security JSON File", - "static_tool": false, - "dynamic_tool": false, - "active": true, - 
"dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 66, - "fields": { - "name": "Crashtest Security XML File", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 67, - "fields": { - "name": "CredScan Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 68, - "fields": { - "name": "CycloneDX Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 69, - "fields": { - "name": "DawnScanner Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 70, - "fields": { - "name": "Dependency Track Finding Packaging Format (FPF) Export", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 71, - "fields": { - "name": "Detect-secrets Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 72, - "fields": { - "name": "Dockle Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 73, - "fields": { - "name": "DrHeader JSON Importer", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 74, - "fields": { - "name": "DSOP Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 75, - "fields": { - "name": "ESLint Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - 
"dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 76, - "fields": { - "name": "Fortify Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 77, - "fields": { - "name": "Github Vulnerability Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 78, - "fields": { - "name": "GitLab API Fuzzing Report Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 79, - "fields": { - "name": "GitLab Container Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 80, - "fields": { - "name": "GitLab DAST Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 81, - "fields": { - "name": "GitLab Dependency Scanning Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 82, - "fields": { - "name": "GitLab SAST Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 83, - "fields": { - "name": "GitLab Secret Detection Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 84, - "fields": { - "name": "Gitleaks Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 85, - "fields": { - "name": "HackerOne Cases", - "static_tool": false, - "dynamic_tool": false, - 
"active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 86, - "fields": { - "name": "Hadolint Dockerfile check", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 87, - "fields": { - "name": "Harbor Vulnerability Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 88, - "fields": { - "name": "HuskyCI Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 89, - "fields": { - "name": "IBM AppScan DAST", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 90, - "fields": { - "name": "Immuniweb Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 91, - "fields": { - "name": "IntSights Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 92, - "fields": { - "name": "JFrog Xray Unified Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 93, - "fields": { - "name": "JFrog Xray Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 94, - "fields": { - "name": "KICS Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 95, - "fields": { - "name": "Kiuwan Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - 
"dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 96, - "fields": { - "name": "kube-bench Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 97, - "fields": { - "name": "Meterian Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 98, - "fields": { - "name": "Microfocus Webinspect Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 99, - "fields": { - "name": "MobSF Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 100, - "fields": { - "name": "Mobsfscan Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 101, - "fields": { - "name": "Mozilla Observatory Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 102, - "fields": { - "name": "Nessus WAS Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 103, - "fields": { - "name": "Netsparker Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 104, - "fields": { - "name": "Nikto Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 105, - "fields": { - "name": "Nuclei Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, 
-{ - "model": "dojo.test_type", - "pk": 106, - "fields": { - "name": "Openscap Vulnerability Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 107, - "fields": { - "name": "ORT evaluated model Importer", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 108, - "fields": { - "name": "OssIndex Devaudit SCA Scan Importer", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 109, - "fields": { - "name": "Outpost24 Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 110, - "fields": { - "name": "PHP Security Audit v2", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 111, - "fields": { - "name": "PHP Symfony Security Check", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 112, - "fields": { - "name": "PMD Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 113, - "fields": { - "name": "Qualys Infrastructure Scan (WebGUI XML)", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 114, - "fields": { - "name": "Qualys Webapp Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 115, - "fields": { - "name": "Risk Recon API Importer", - "static_tool": false, - "dynamic_tool": false, - 
"active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 117, - "fields": { - "name": "SARIF", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 118, - "fields": { - "name": "Scantist Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 119, - "fields": { - "name": "Scout Suite Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 120, - "fields": { - "name": "Semgrep JSON Report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 121, - "fields": { - "name": "SonarQube Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 122, - "fields": { - "name": "SonarQube Scan detailed", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 123, - "fields": { - "name": "SonarQube API Import", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 124, - "fields": { - "name": "Sonatype Application Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 125, - "fields": { - "name": "SpotBugs Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 126, - "fields": { - "name": "Sslscan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - 
"dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 127, - "fields": { - "name": "SSLyze Scan (JSON)", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 128, - "fields": { - "name": "Sslyze Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 129, - "fields": { - "name": "Terrascan Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 130, - "fields": { - "name": "Testssl Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 131, - "fields": { - "name": "TFSec Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 132, - "fields": { - "name": "Trivy Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 133, - "fields": { - "name": "Trufflehog Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 134, - "fields": { - "name": "Trufflehog3 Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 135, - "fields": { - "name": "Trustwave Scan (CSV)", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 136, - "fields": { - "name": "Trustwave Fusion API Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, 
-{ - "model": "dojo.test_type", - "pk": 137, - "fields": { - "name": "Twistlock Image Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 138, - "fields": { - "name": "Wapiti Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 139, - "fields": { - "name": "WFuzz JSON report", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 140, - "fields": { - "name": "WhiteHat Sentinel", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 141, - "fields": { - "name": "Mend Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 142, - "fields": { - "name": "Wpscan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 143, - "fields": { - "name": "Xanitizer Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 144, - "fields": { - "name": "Yarn Audit Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.test_type", - "pk": 149, - "fields": { - "name": "JFrog Xray On Demand Binary Scan", - "static_tool": false, - "dynamic_tool": false, - "active": true, - "dynamically_generated": false - } -}, -{ - "model": "dojo.sla_configuration", - "pk": 1, - "fields": { - "name": "Default", - "description": "The Default SLA Configuration. 
Products not using an explicit SLA Configuration will use this one.", - "critical": 7, - "enforce_critical": true, - "high": 30, - "enforce_high": true, - "medium": 90, - "enforce_medium": true, - "low": 120, - "enforce_low": true, - "async_updating": false - } -}, -{ - "model": "dojo.tagulous_product_tags", - "pk": 1, - "fields": { - "name": "retire", - "slug": "retire", - "count": 1, - "protected": false - } -}, -{ - "model": "dojo.product", - "pk": 1, - "fields": { - "name": "BodgeIt", - "description": "[Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up", - "product_manager": 1, - "technical_contact": 3, - "team_manager": 2, - "created": null, - "prod_type": 2, - "updated": "2025-01-17T16:52:28.298Z", - "sla_configuration": 1, - "tid": 0, - "prod_numeric_grade": 5, - "business_criticality": "high", - "platform": "web", - "lifecycle": "production", - "origin": "internal", - "user_records": 1000000000, - "revenue": "1000.00", - "external_audience": true, - "internet_accessible": true, - "enable_product_tag_inheritance": false, - "enable_simple_risk_acceptance": false, - "enable_full_risk_acceptance": true, - "disable_sla_breach_notifications": false, - "async_updating": false, - "regulations": [ - 13, - 1 - ], - "tags": [ - "retire" - ] - } -}, -{ - "model": "dojo.product", - "pk": 2, - "fields": { - "name": "Internal CRM App", - "description": "* New product in development that attempts to follow all best practices", - "product_manager": 2, - "technical_contact": 2, - "team_manager": 3, - "created": null, - "prod_type": 2, - 
"updated": "2025-01-17T16:52:28.346Z", - "sla_configuration": 1, - "tid": 0, - "prod_numeric_grade": 51, - "business_criticality": "medium", - "platform": "web", - "lifecycle": "construction", - "origin": "internal", - "user_records": null, - "revenue": null, - "external_audience": false, - "internet_accessible": false, - "enable_product_tag_inheritance": false, - "enable_simple_risk_acceptance": false, - "enable_full_risk_acceptance": true, - "disable_sla_breach_notifications": false, - "async_updating": false, - "regulations": [], - "tags": [] - } -}, -{ - "model": "dojo.product", - "pk": 3, - "fields": { - "name": "Apple Accounting Software", - "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", - "product_manager": 1, - "technical_contact": 3, - "team_manager": 3, - "created": null, - "prod_type": 3, - "updated": null, - "sla_configuration": 1, - "tid": 0, - "prod_numeric_grade": null, - "business_criticality": "high", - "platform": "web", - "lifecycle": "production", - "origin": "purchased", - "user_records": 5000, - "revenue": null, - "external_audience": true, - "internet_accessible": false, - "enable_product_tag_inheritance": false, - "enable_simple_risk_acceptance": false, - "enable_full_risk_acceptance": true, - "disable_sla_breach_notifications": false, - "async_updating": false, - "regulations": [ - 5 - ], - "tags": [] - } -}, -{ - "model": "dojo.tool_type", - "pk": 1, - "fields": { - "name": "DAST", - "description": "Dynamic Application Security Testing" - } -}, -{ - "model": "dojo.tool_type", - "pk": 2, - "fields": { - "name": "SAST", - "description": 
"Static Application Security Testing" - } -}, -{ - "model": "dojo.tool_type", - "pk": 3, - "fields": { - "name": "IAST", - "description": "Interactive Application Security Testing" - } -}, -{ - "model": "dojo.tool_type", - "pk": 4, - "fields": { - "name": "Source Code", - "description": "Source Code Management" - } -}, -{ - "model": "dojo.tool_type", - "pk": 5, - "fields": { - "name": "Build Sever", - "description": "Build Server" - } -}, -{ - "model": "dojo.tool_configuration", - "pk": 1, - "fields": { - "name": "Tool Configuration 1", - "description": "test configuration", - "url": "http://www.example.com", - "tool_type": 1, - "authentication_type": "Password", - "extras": null, - "username": "user1", - "password": "user1", - "auth_title": "", - "ssh": "", - "api_key": "" - } -}, -{ - "model": "dojo.tool_configuration", - "pk": 2, - "fields": { - "name": "Tool Configuration 2", - "description": "test configuration", - "url": "http://www.example.com", - "tool_type": 2, - "authentication_type": "API", - "extras": null, - "username": "", - "password": "", - "auth_title": "test key", - "ssh": "", - "api_key": "test string" - } -}, -{ - "model": "dojo.tool_configuration", - "pk": 3, - "fields": { - "name": "Tool Configuration 3", - "description": "test configuration", - "url": "http://www.example.com", - "tool_type": 3, - "authentication_type": "SSH", - "extras": null, - "username": "", - "password": "", - "auth_title": "test ssh", - "ssh": "test string", - "api_key": "" - } -}, -{ - "model": "dojo.tagulous_engagement_tags", - "pk": 2, - "fields": { - "name": "pci", - "slug": "pci", - "count": 2, - "protected": false - } -}, -{ - "model": "dojo.engagement", - "pk": 1, - "fields": { - "name": "1st Quarter Engagement", - "description": "test Engagement", - "version": null, - "first_contacted": null, - "target_start": "2021-06-30", - "target_end": "2021-06-30", - "lead": 2, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 2, - 
"updated": null, - "created": null, - "active": true, - "tracker": null, - "test_strategy": null, - "threat_model": true, - "api_test": true, - "pen_test": true, - "check_list": true, - "status": "In Progress", - "progress": "threat_model", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 2, - "fields": { - "name": "April Monthly Engagement", - "description": "Requested by the team for regular manual checkup by the security team.", - "version": null, - "first_contacted": null, - "target_start": "2021-06-30", - "target_end": "2021-06-30", - "lead": 1, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 1, - "updated": "2021-11-04T09:15:49.870Z", - "created": null, - "active": false, - "tracker": null, - "test_strategy": "", - "threat_model": true, - "api_test": true, - "pen_test": true, - "check_list": true, - "status": "Completed", - "progress": "threat_model", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 3, - "fields": { - "name": "weekly engagement", - "description": "test Engagement", - "version": null, - "first_contacted": null, - "target_start": "2021-06-21", - "target_end": "2021-06-22", - 
"lead": 2, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 2, - "updated": null, - "created": null, - "active": true, - "tracker": null, - "test_strategy": null, - "threat_model": true, - "api_test": true, - "pen_test": true, - "check_list": true, - "status": "Completed", - "progress": "threat_model", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 4, - "fields": { - "name": "Static Scan", - "description": "Initial static scan for Bodgeit.", - "version": "v.1.2.0", - "first_contacted": null, - "target_start": "2021-11-03", - "target_end": "2021-11-10", - "lead": 1, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 1, - "updated": "2021-11-04T09:14:58.726Z", - "created": "2021-11-04T09:01:00.647Z", - "active": false, - "tracker": null, - "test_strategy": "", - "threat_model": false, - "api_test": false, - "pen_test": false, - "check_list": false, - "status": "Completed", - "progress": "other", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 6, - "fields": { - "name": "Quarterly PCI Scan", - "description": "Reccuring Quarterly Scan", - "version": null, - 
"first_contacted": null, - "target_start": "2022-01-19", - "target_end": "2022-01-26", - "lead": 1, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 1, - "updated": "2021-11-04T09:26:47.339Z", - "created": "2021-11-04T09:25:29.380Z", - "active": true, - "tracker": null, - "test_strategy": "", - "threat_model": false, - "api_test": false, - "pen_test": false, - "check_list": false, - "status": "Not Started", - "progress": "other", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [ - "pci" - ], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 7, - "fields": { - "name": "Ad Hoc Engagement", - "description": null, - "version": null, - "first_contacted": null, - "target_start": "2021-11-03", - "target_end": "2021-11-03", - "lead": null, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 2, - "updated": "2021-11-04T09:36:15.136Z", - "created": "2021-11-04T09:36:15.136Z", - "active": false, - "tracker": null, - "test_strategy": null, - "threat_model": true, - "api_test": true, - "pen_test": true, - "check_list": true, - "status": "", - "progress": "threat_model", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 8, - 
"fields": { - "name": "Initial Assessment", - "description": "This application needs to be assesed to determine the security posture.", - "version": "10.2.1", - "first_contacted": null, - "target_start": "2021-12-20", - "target_end": "2021-12-27", - "lead": 1, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 3, - "updated": "2021-11-04T09:44:29.481Z", - "created": "2021-11-04T09:42:51.116Z", - "active": true, - "tracker": null, - "test_strategy": "", - "threat_model": false, - "api_test": false, - "pen_test": false, - "check_list": false, - "status": "Not Started", - "progress": "other", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 10, - "fields": { - "name": "Multiple scanners", - "description": "Example engagement with multiple scan types.", - "version": "1.2.1", - "first_contacted": null, - "target_start": "2021-11-04", - "target_end": "2021-11-04", - "lead": 1, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 1, - "updated": "2021-11-05T06:49:39.475Z", - "created": "2021-11-05T06:44:35.773Z", - "active": false, - "tracker": null, - "test_strategy": "", - "threat_model": false, - "api_test": false, - "pen_test": false, - "check_list": false, - "status": "Completed", - "progress": "threat_model", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - 
"orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [ - "pci" - ], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 11, - "fields": { - "name": "Manual PenTest", - "description": "Please do a manual pentest before our next release to prod.", - "version": "1.9.1", - "first_contacted": null, - "target_start": "2021-12-30", - "target_end": "2022-01-02", - "lead": 1, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 1, - "updated": "2021-11-05T06:55:42.622Z", - "created": "2021-11-05T06:54:11.880Z", - "active": true, - "tracker": null, - "test_strategy": "", - "threat_model": false, - "api_test": false, - "pen_test": false, - "check_list": false, - "status": "Blocked", - "progress": "other", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 12, - "fields": { - "name": "CI/CD Baseline Security Test", - "description": "", - "version": "1.1.2", - "first_contacted": null, - "target_start": "2021-11-04", - "target_end": "2021-11-11", - "lead": 1, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 1, - "updated": "2021-11-05T07:07:44.126Z", - "created": "2021-11-05T07:06:26.136Z", - "active": false, - "tracker": "https://github.com/psiinon/bodgeit", - "test_strategy": null, - "threat_model": false, - "api_test": false, - "pen_test": false, - "check_list": false, - "status": "Completed", - "progress": "other", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": 
"CI/CD", - "build_id": "89", - "commit_hash": "b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6", - "branch_tag": "master", - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": "https://github.com/psiinon/bodgeit", - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.engagement", - "pk": 13, - "fields": { - "name": "AdHoc Import - Fri, 17 Aug 2018 18:20:55", - "description": null, - "version": null, - "first_contacted": null, - "target_start": "2021-11-04", - "target_end": "2021-11-04", - "lead": null, - "requester": null, - "preset": null, - "reason": null, - "report_type": null, - "product": 1, - "updated": "2021-11-05T10:43:05.446Z", - "created": "2021-11-05T10:43:05.446Z", - "active": true, - "tracker": null, - "test_strategy": null, - "threat_model": false, - "api_test": false, - "pen_test": false, - "check_list": false, - "status": "In Progress", - "progress": "threat_model", - "tmodel_path": "none", - "done_testing": false, - "engagement_type": "Interactive", - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "build_server": null, - "source_code_management_server": null, - "source_code_management_uri": null, - "orchestration_engine": null, - "deduplication_on_engagement": false, - "notes": [], - "files": [], - "risk_acceptance": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 1, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "127.0.0.1", - "port": 80, - "path": "/endpoint/420/edit/", - "query": null, - "fragment": null, - "product": 2, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 2, - "fields": { - "protocol": "ftp", - "userinfo": null, - "host": "localhost", - "port": 21, - "path": "/", - "query": null, - "fragment": null, - "product": 1, - 
"endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 3, - "fields": { - "protocol": "ssh", - "userinfo": null, - "host": "127.0.0.1", - "port": 22, - "path": null, - "query": null, - "fragment": null, - "product": 3, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 4, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/login.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 5, - "fields": { - "protocol": null, - "userinfo": null, - "host": "127.0.0.1", - "port": null, - "path": null, - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 6, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/register.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 7, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/password.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 8, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 9, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/basket.jsp", - "query": null, - "fragment": null, - "product": 
1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 10, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/advanced.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 11, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/admin.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 12, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/about.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 13, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/contact.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 14, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/home.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 15, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/product.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 16, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": 
"/bodgeit/score.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 17, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/search.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 18, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.endpoint", - "pk": 19, - "fields": { - "protocol": "http", - "userinfo": null, - "host": "localhost", - "port": 8888, - "path": "/bodgeit/logout.jsp", - "query": null, - "fragment": null, - "product": 1, - "endpoint_params": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.development_environment", - "pk": 1, - "fields": { - "name": "AWS" - } -}, -{ - "model": "dojo.development_environment", - "pk": 2, - "fields": { - "name": "Staging" - } -}, -{ - "model": "dojo.development_environment", - "pk": 3, - "fields": { - "name": "Production" - } -}, -{ - "model": "dojo.development_environment", - "pk": 4, - "fields": { - "name": "Test" - } -}, -{ - "model": "dojo.development_environment", - "pk": 5, - "fields": { - "name": "Pre-prod" - } -}, -{ - "model": "dojo.development_environment", - "pk": 6, - "fields": { - "name": "Lab" - } -}, -{ - "model": "dojo.development_environment", - "pk": 7, - "fields": { - "name": "Development" - } -}, -{ - "model": "dojo.test", - "pk": 3, - "fields": { - "engagement": 1, - "lead": null, - "test_type": 1, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-02-18T00:00:00Z", - "target_end": "2021-02-27T00:00:00Z", - "estimated_time": "00:00:00", - "actual_time": 
"00:00:00", - "percent_complete": 100, - "environment": 1, - "updated": null, - "created": null, - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 13, - "fields": { - "engagement": 2, - "lead": 2, - "test_type": 1, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-03-21T01:00:00Z", - "target_end": "2021-03-22T01:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - "environment": 1, - "updated": null, - "created": null, - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 14, - "fields": { - "engagement": 1, - "lead": null, - "test_type": 1, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-02-18T00:00:00Z", - "target_end": "2021-02-27T00:00:00Z", - "estimated_time": "02:00:00", - "actual_time": "00:30:00", - "percent_complete": 100, - "environment": 1, - "updated": null, - "created": null, - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 15, - "fields": { - "engagement": 4, - "lead": 1, - "test_type": 12, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-03T00:00:00Z", - "target_end": "2021-11-03T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - "environment": 7, - "updated": "2021-11-04T09:01:30.563Z", - "created": "2021-11-04T09:01:30.563Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - 
"notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 16, - "fields": { - "engagement": 4, - "lead": 1, - "test_type": 12, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-03T00:00:00Z", - "target_end": "2021-11-03T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - "environment": 7, - "updated": "2021-11-04T09:03:25.139Z", - "created": "2021-11-04T09:03:25.139Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 18, - "fields": { - "engagement": 6, - "lead": 1, - "test_type": 21, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2022-01-19T00:00:00Z", - "target_end": "2022-01-24T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": 3, - "updated": "2021-11-04T09:26:34.003Z", - "created": "2021-11-04T09:25:46.327Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 19, - "fields": { - "engagement": 7, - "lead": null, - "test_type": 3, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T09:36:15.180Z", - "target_end": "2021-11-04T09:36:15.180Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": null, - "updated": "2021-11-04T09:36:15.180Z", - "created": "2021-11-04T09:36:15.180Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 20, - "fields": { - 
"engagement": 8, - "lead": 1, - "test_type": 1, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-12-20T00:00:00Z", - "target_end": "2021-12-27T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": 3, - "updated": "2021-11-04T09:43:09.101Z", - "created": "2021-11-04T09:43:09.101Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 21, - "fields": { - "engagement": 8, - "lead": 1, - "test_type": 19, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-12-20T00:00:00Z", - "target_end": "2021-12-27T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": 2, - "updated": "2021-11-04T09:43:23.410Z", - "created": "2021-11-04T09:43:23.410Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 22, - "fields": { - "engagement": 8, - "lead": 1, - "test_type": 17, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-12-20T00:00:00Z", - "target_end": "2021-12-27T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": 3, - "updated": "2021-11-04T09:43:41.711Z", - "created": "2021-11-04T09:43:41.711Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 23, - "fields": { - "engagement": 8, - "lead": 1, - "test_type": 11, - "scan_type": null, - "title": null, - "description": null, - "target_start": 
"2021-12-20T00:00:00Z", - "target_end": "2021-12-27T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": 3, - "updated": "2021-11-04T09:44:01.815Z", - "created": "2021-11-04T09:44:01.815Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 25, - "fields": { - "engagement": 10, - "lead": 1, - "test_type": 17, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T00:00:00Z", - "target_end": "2021-11-04T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - "environment": 7, - "updated": "2021-11-05T06:44:35.814Z", - "created": "2021-11-05T06:44:35.814Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 26, - "fields": { - "engagement": 10, - "lead": 1, - "test_type": 28, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T00:00:00Z", - "target_end": "2021-11-04T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - "environment": 7, - "updated": "2021-11-05T06:46:06.450Z", - "created": "2021-11-05T06:46:06.450Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 28, - "fields": { - "engagement": 10, - "lead": 1, - "test_type": 9, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T00:00:00Z", - "target_end": "2021-11-04T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - 
"environment": 7, - "updated": "2021-11-05T06:47:17.517Z", - "created": "2021-11-05T06:47:17.518Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 29, - "fields": { - "engagement": 11, - "lead": 1, - "test_type": 29, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T00:00:00Z", - "target_end": "2021-11-11T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": 3, - "updated": "2021-11-05T06:54:23.989Z", - "created": "2021-11-05T06:54:23.989Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 30, - "fields": { - "engagement": 11, - "lead": 1, - "test_type": 3, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T00:00:00Z", - "target_end": "2021-11-11T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": null, - "environment": 5, - "updated": "2021-11-05T06:54:35.499Z", - "created": "2021-11-05T06:54:35.499Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 31, - "fields": { - "engagement": 12, - "lead": 1, - "test_type": 30, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T00:00:00Z", - "target_end": "2021-11-04T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - "environment": 7, - "updated": "2021-11-05T07:07:18.034Z", - "created": "2021-11-05T07:07:18.034Z", - "version": null, - "build_id": null, - 
"commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.test", - "pk": 32, - "fields": { - "engagement": 13, - "lead": 1, - "test_type": 9, - "scan_type": null, - "title": null, - "description": null, - "target_start": "2021-11-04T00:00:00Z", - "target_end": "2021-11-04T00:00:00Z", - "estimated_time": null, - "actual_time": null, - "percent_complete": 100, - "environment": 7, - "updated": "2021-11-05T10:43:05.485Z", - "created": "2021-11-05T10:43:05.485Z", - "version": null, - "build_id": null, - "commit_hash": null, - "branch_tag": null, - "api_scan_configuration": null, - "notes": [], - "files": [], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 2, - "fields": { - "title": "High Impact Test Finding", - "date": "2021-03-21", - "sla_start_date": null, - "sla_expiration_date": "2021-04-20", - "cwe": null, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "test finding", - "mitigation": "test mitigation", - "impact": "HIGH", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 3, - "active": false, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.707Z", - "review_requested_by": 1, - "under_defect_review": false, - "defect_review_requested_by": 1, - "is_mitigated": false, - "thread_id": 11, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": null, - "last_reviewed_by": null, - "param": null, - "payload": null, - "hash_code": "91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62", - "line": null, - "file_path": "", - "component_name": null, - 
"component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": null, - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 1 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 3, - "fields": { - "title": "High Impact Test Finding", - "date": "2021-03-21", - "sla_start_date": null, - "sla_expiration_date": "2021-04-20", - "cwe": null, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "test finding", - "mitigation": "test mitigation", - "impact": "HIGH", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 3, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.280Z", - "review_requested_by": 1, - "under_defect_review": false, - "defect_review_requested_by": 1, - "is_mitigated": false, - "thread_id": 11, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": null, - "last_reviewed_by": null, - "param": null, - "payload": null, - "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", - "line": null, - "file_path": "", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": null, - "scanner_confidence": null, - 
"sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 1 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 4, - "fields": { - "title": "High Impact Test Finding", - "date": "2021-03-21", - "sla_start_date": null, - "sla_expiration_date": "2021-04-20", - "cwe": null, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "test finding", - "mitigation": "test mitigation", - "impact": "HIGH", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 3, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.297Z", - "review_requested_by": 1, - "under_defect_review": false, - "defect_review_requested_by": 1, - "is_mitigated": false, - "thread_id": 11, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": null, - "last_reviewed_by": null, - "param": null, - "payload": null, - "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", - "line": null, - "file_path": "", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": null, - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, 
- "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 1 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 5, - "fields": { - "title": "High Impact Test Finding", - "date": "2021-03-21", - "sla_start_date": null, - "sla_expiration_date": "2021-04-20", - "cwe": null, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "test finding", - "mitigation": "test mitigation", - "impact": "HIGH", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 3, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:12.850Z", - "review_requested_by": 1, - "under_defect_review": false, - "defect_review_requested_by": 1, - "is_mitigated": false, - "thread_id": 11, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": null, - "last_reviewed_by": null, - "param": null, - "payload": null, - "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", - "line": null, - "file_path": "", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": null, - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - 
"planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 1 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 6, - "fields": { - "title": "High Impact Test Finding", - "date": "2021-03-21", - "sla_start_date": null, - "sla_expiration_date": "2021-04-20", - "cwe": null, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "test finding", - "mitigation": "test mitigation", - "impact": "HIGH", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 3, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.314Z", - "review_requested_by": 1, - "under_defect_review": false, - "defect_review_requested_by": 1, - "is_mitigated": false, - "thread_id": 11, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": null, - "last_reviewed_by": null, - "param": null, - "payload": null, - "hash_code": "5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7", - "line": null, - "file_path": "", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": null, - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - 
"files": [], - "found_by": [ - 1 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 7, - "fields": { - "title": "Dummy Finding", - "date": "2021-03-20", - "sla_start_date": null, - "sla_expiration_date": "2021-04-19", - "cwe": 1, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "http://www.example.com", - "severity": "High", - "description": "TEST finding", - "mitigation": "MITIGATION", - "impact": "HIGH", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 3, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.331Z", - "review_requested_by": 2, - "under_defect_review": false, - "defect_review_requested_by": 2, - "is_mitigated": false, - "thread_id": 1, - "mitigated": null, - "mitigated_by": null, - "reporter": 2, - "numerical_severity": "S1", - "last_reviewed": null, - "last_reviewed_by": null, - "param": null, - "payload": null, - "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0", - "line": 100, - "file_path": "", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": null, - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 1 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 8, - "fields": { - 
"title": "SQL Injection (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.691Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:32.587Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", - "line": 30, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:32.590Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 9, - "fields": { - "title": "Download of Code Without Integrity Check (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.758Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:32.763Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", - "line": 1, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:32.769Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 10, - "fields": { - "title": "Missing X Frame Options (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 829, - "cve": null, - "epss_score": null, - "epss_percentile": null, - 
"cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.904Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:32.945Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", - "line": 1, - "file_path": "/root/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:32.948Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 11, - "fields": { - "title": 
"Information Exposure Through an Error Message (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.527Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:33.122Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", - "line": 134, - "file_path": 
"/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:33.124Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 12, - "fields": { - "title": "Improper Resource Shutdown or Release (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = 
stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.331Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:33.265Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", - "line": 25, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:33.268Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 13, - "fields": { - "title": "Reflected XSS All Clients (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.484Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:33.435Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", - "line": 141, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:33.438Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 14, - "fields": { - "title": "HttpOnlyCookies (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.422Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:33.599Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", - "line": 46, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:33.602Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": 
null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 15, - "fields": { - "title": "CGI Reflected XSS All Clients (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.344Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:33.751Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", - "line": 96, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:33.755Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 16, - "fields": { - "title": "Hardcoded Password in Connection String (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - 
Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.192Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:33.902Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", - "line": 1, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - 
"static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:33.905Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 17, - "fields": { - "title": "Client Insecure Randomness (encryption.js)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 330, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.380Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - 
"mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:34.056Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", - "line": 127, - "file_path": "/root/js/encryption.js", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:34.060Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 18, - "fields": { - "title": "SQL Injection (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.659Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - 
"last_reviewed": "2021-11-04T09:01:34.206Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:34.209Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 19, - "fields": { - "title": "Stored XSS (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"
\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.772Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:34.370Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", - "line": 257, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:34.373Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 20, - "fields": { - "title": "CGI Stored XSS (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - 
"cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** 
getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.486Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:34.527Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", - "line": 31, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:34.530Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - 
"inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 21, - "fields": { - "title": "Not Using a Random IV With CBC Mode (AES.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 329, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.933Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:34.699Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", - "line": 96, - "file_path": "/src/com/thebodgeitstore/util/AES.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:34.702Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - 
"vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 22, - "fields": { - "title": "Collapse of Data Into Unsafe Value (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 182, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 
37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.396Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:34.861Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", - "line": 37, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:34.865Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 23, - "fields": { - "title": "Stored Boundary Violation (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - 
"cwe": 646, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.227Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - 
"mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:35.037Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", - "line": 22, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:35.040Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 24, - "fields": { - "title": "Hardcoded Password in Connection String (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.053Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:35.227Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", - "line": 1, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:35.231Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - 
"found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 25, - "fields": { - "title": "Blind SQL Injections (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 
16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.286Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:35.385Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:35.388Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - 
"pk": 26, - "fields": { - "title": "Heap Inspection (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.301Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:35.561Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", - "line": 10, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:35.563Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - 
"sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 27, - "fields": { - "title": "Use of Cryptographically Weak PRNG (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 338, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.640Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - 
"mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:35.724Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", - "line": 24, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:35.729Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 28, - "fields": { - "title": "Trust Boundary Violation (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 501, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line 
Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.577Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:35.900Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", - "line": 22, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:35.904Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 29, - "fields": { - "title": "Information Exposure Through an Error Message (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.542Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:36.147Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", - "line": 53, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:36.151Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 30, - "fields": { - "title": "Reliance on Cookies in a Decision (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 784, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId 
+\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.041Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:36.394Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", - "line": 280, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:36.397Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 31, - "fields": { - "title": "Empty Password in 
Connection String (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.642Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:36.583Z", - 
"last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", - "line": 1, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:36.586Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 32, - "fields": { - "title": "Improper Resource Access Authorization (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.977Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - 
"mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:36.777Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:36.781Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 33, - "fields": { - "title": "Client Cross Frame Scripting Attack (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - 
"severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.583Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:36.972Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:36.976Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 34, - "fields": { - "title": "Hardcoded Password in Connection String (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.145Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 
1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:37.206Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", - "line": 1, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:37.211Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 35, - "fields": { - "title": "HttpOnlyCookies in Config (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - 
"out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.499Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:37.491Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", - "line": 1, - "file_path": "/root/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:37.495Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 36, - "fields": { - "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 
40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - 
"false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.138Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:37.698Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", - "line": 130, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:37.702Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 37, - "fields": { - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 614, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.165Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:37.891Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", - "line": 56, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:37.894Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 38, - "fields": { - "title": "CGI Reflected XSS All Clients (login.jsp)", - "date": 
"2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.328Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:38.079Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", - "line": 78, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:38.083Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 39, - "fields": { - "title": "Suspected XSS (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - 
"false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.306Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:38.277Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", - "line": 57, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:38.281Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 40, - "fields": { - "title": "Hardcoded Password in Connection String (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.989Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:38.495Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", - "line": 1, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:38.499Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - 
"vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 41, - "fields": { - "title": "Hardcoded Password in Connection String (dbconnection.jspf)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": 
"N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.038Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:38.690Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", - "line": 1, - "file_path": "/root/dbconnection.jspf", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:38.694Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 42, - "fields": { - "title": "Empty Password in Connection String (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.675Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:38.891Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", - "line": 1, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:38.895Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - 
"sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 43, - "fields": { - "title": "Download of Code Without Integrity Check (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.727Z", - "review_requested_by": null, - "under_defect_review": false, - 
"defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:39.102Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", - "line": 1, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:39.107Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 44, - "fields": { - "title": "Information Exposure Through an Error Message (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.686Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:39.295Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", - "line": 41, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:39.298Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 45, - "fields": { - "title": "SQL Injection (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) 
request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.628Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:39.444Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", - "line": 15, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:39.448Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - 
"inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 46, - "fields": { - "title": "Empty Password in Connection String (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.443Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": 
null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:39.613Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:39.616Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 47, - "fields": { - "title": "CGI Stored XSS (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** 
rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.551Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:39.809Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", - "line": 19, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:39.814Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - 
"planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 48, - "fields": { - "title": "Plaintext Storage in a Cookie (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 315, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.964Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:40.001Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", - "line": 84, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:40.005Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 49, - "fields": { - "title": "Information Exposure Through an Error Message (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.605Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:40.173Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", - "line": 75, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:40.176Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 50, - "fields": { - "title": "Hardcoded Password in Connection String (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure 
cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.958Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:40.351Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", - "line": 1, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": 
true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:40.355Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 51, - "fields": { - "title": "Stored XSS (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.724Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:40.535Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", - "line": 21, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:40.539Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": 
null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 52, - "fields": { - "title": "Download of Code Without Integrity Check (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.598Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:40.710Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - 
"hash_code": "75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", - "line": 1, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:40.715Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 53, - "fields": { - "title": "Empty Password in Connection String (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.582Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:40.865Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:40.869Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 54, - "fields": { - "title": "Heap Inspection (login.jsp)", - "date": "2019-11-17", - "sla_start_date": 
null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.271Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:41.019Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", - "line": 8, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:41.022Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - 
"publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 55, - "fields": { - "title": "Download of Code Without Integrity Check (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.820Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": 
false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:41.175Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", - "line": 1, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:41.178Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 56, - "fields": { - "title": "Session Fixation (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 384, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.516Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:41.332Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", - "line": 48, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:41.335Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 57, - "fields": { - "title": "Stored XSS (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) 
{\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.970Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:41.491Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", - "line": 49, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:41.494Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - 
"publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 58, - "fields": { - "title": "Empty Password in Connection String (dbconnection.jspf)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, 
- "last_status_update": "2025-01-17T16:52:16.505Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:41.667Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", - "line": 1, - "file_path": "/root/dbconnection.jspf", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:41.669Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 59, - "fields": { - "title": "Hardcoded Password in Connection String (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.084Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:41.817Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:41.820Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - 
"vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 60, - "fields": { - "title": "Reflected XSS All Clients (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", 
\"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.499Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:41.970Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", - "line": 37, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:41.972Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - 
"sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 61, - "fields": { - "title": "HttpOnlyCookies (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.376Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:42.127Z", - 
"last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", - "line": 38, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:42.130Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 62, - "fields": { - "title": "Download of Code Without Integrity Check (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", - "mitigation": "N/A", - 
"impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.836Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:42.298Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", - "line": 1, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:42.302Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 63, - "fields": { - "title": "Stored XSS (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = 
rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"
\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.855Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:42.453Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", - "line": 31, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:42.457Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 64, - "fields": { - "title": "Empty Password in Connection String (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - 
"cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.552Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:42.617Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", - "line": 1, - "file_path": "/root/home.jsp", - "component_name": null, - 
"component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:42.620Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 65, - "fields": { - "title": "Reflected XSS All Clients (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + 
basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.547Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:42.793Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", - "line": 96, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:42.796Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 66, - "fields": { - "title": "Improper Resource Access Authorization (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - 
"duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.025Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:42.953Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", - "line": 42, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:42.956Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 67, - "fields": { - "title": "Download of Code Without Integrity Check (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.789Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:43.112Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", - "line": 1, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, 
- "created": "2021-11-04T09:01:43.115Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 68, - "fields": { - "title": "Download of Code Without Integrity Check (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - 
"last_status_update": "2025-01-17T16:52:14.881Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:43.267Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", - "line": 1, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:43.269Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 69, - "fields": { - "title": "Improper Resource Access Authorization (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.831Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": 
"2021-11-04T09:01:43.428Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", - "line": 55, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:43.431Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 70, - "fields": { - "title": "Race Condition Format Flaw (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 362, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - 
"risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.980Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:43.592Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", - "line": 262, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:43.595Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 71, - "fields": { - "title": "Empty Password in Connection String (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.521Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:43.749Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", - "line": 89, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:43.752Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 72, - "fields": { - "title": "Improper Resource Access 
Authorization (FunctionalZAP.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.785Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:43.927Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", - "line": 31, - "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:43.931Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 73, - "fields": { - "title": "Suspected XSS (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.274Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:44.088Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", - "line": 89, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:44.091Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] 
- } -}, -{ - "model": "dojo.finding", - "pk": 74, - "fields": { - "title": "Use of Cryptographically Weak PRNG (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 338, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.670Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:44.247Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:44.250Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 75, - "fields": { - "title": "CGI Stored XSS (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.518Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:44.405Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", - "line": 49, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:44.408Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 76, - "fields": { - "title": "Improper Resource Shutdown or Release (init.jsp)", - "date": "2019-11-17", - "sla_start_date": 
null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source 
Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source 
Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.347Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:44.595Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:44.599Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 77, - "fields": { - "title": "Download of Code Without Integrity Check (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": 
null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.680Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:44.794Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", - "line": 87, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:44.798Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, 
- "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 78, - "fields": { - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page 
import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.266Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:44.955Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - 
"hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", - "line": 274, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:44.961Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 79, - "fields": { - "title": "Blind SQL Injections (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - 
"steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.239Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:45.164Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", - "line": 15, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:45.167Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 80, - "fields": { - "title": "Client DOM Open Redirect (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 601, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.334Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:45.335Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", - "line": 48, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:45.338Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - 
"model": "dojo.finding", - "pk": 81, - "fields": { - "title": "Hardcoded Password in Connection String (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.208Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:45.492Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", - "line": 1, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:45.495Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 82, - "fields": { - "title": "CGI Stored XSS (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source 
Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.407Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:45.664Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", - "line": 257, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:45.667Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 83, - "fields": { - "title": "Use of Insufficiently Random Values (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 330, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - 
"description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.793Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:45.806Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:45.809Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 84, - "fields": { - "title": "Missing X Frame Options (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 829, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.857Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:45.944Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", - "line": 1, - "file_path": "/build/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:45.947Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - 
"sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 85, - "fields": { - "title": "Reflected XSS All Clients (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.595Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:46.090Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", - "line": 18, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:46.093Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 86, - "fields": { - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 614, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive 
Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.149Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:46.239Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", - "line": 84, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:46.242Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 87, - "fields": { - "title": "Information Exposure Through an Error Message (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line 
Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.810Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:46.413Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", - "line": 37, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:46.417Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 88, - "fields": { - "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 321, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - 
Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.718Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:46.579Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", - "line": 26, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:46.582Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 89, - "fields": { - "title": "Reliance on Cookies in a Decision (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 784, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.118Z", - "review_requested_by": 
null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:46.727Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", - "line": 56, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:46.729Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 90, - "fields": { - "title": "Stored XSS (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.823Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:46.880Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", - "line": 68, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:46.883Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 91, - "fields": { - "title": "CGI Stored XSS (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 
16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.391Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:47.029Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", - "line": 21, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - 
"dynamic_finding": false, - "created": "2021-11-04T09:01:47.032Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 92, - "fields": { - "title": "Heap Inspection (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.331Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:47.166Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", - "line": 7, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:47.169Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 93, - "fields": { - "title": "Improper Resource Shutdown or Release (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.478Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:47.311Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", - "line": 57, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:47.314Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 94, - "fields": { - "title": "Information Exposure Through an Error Message (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + 
e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.765Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:47.456Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", - "line": 70, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:47.459Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 95, - "fields": { - "title": "Improper Resource Access Authorization (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.907Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:47.612Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:47.615Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 96, - "fields": { - "title": "CGI Stored XSS (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** 
rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.439Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:47.772Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", - "line": 29, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:47.776Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, 
- "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 97, - "fields": { - "title": "Blind SQL Injections (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE 
BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.222Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:47.928Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", - "line": 173, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:47.932Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - 
"tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 98, - "fields": { - "title": "HttpOnlyCookies in Config (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.452Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:48.086Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", - "line": 1, - "file_path": "/build/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:48.091Z", - "scanner_confidence": null, - 
"sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 99, - "fields": { - "title": "Use of Hard Coded Cryptographic Key (AES.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 321, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.685Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:48.245Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", - "line": 53, - "file_path": "/src/com/thebodgeitstore/util/AES.java", - "component_name": null, - "component_version": 
null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:48.247Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 100, - "fields": { - "title": "Improper Resource Shutdown or Release (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 
13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.461Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:48.415Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", - "line": 14, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:48.418Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, 
- "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 101, - "fields": { - "title": "CGI Reflected XSS All Clients (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.251Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:48.572Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", - "line": 141, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:48.575Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 102, - "fields": { - "title": "Stored XSS (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.939Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:48.730Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", - "line": 19, - 
"file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:48.732Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 103, - "fields": { - "title": "Information Exposure Through an Error Message (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.589Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:48.887Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", - "line": 65, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:48.890Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 104, - "fields": { - "title": "Improper Resource Access Authorization (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.107Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:49.057Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", - "line": 14, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:49.061Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 105, - "fields": { - "title": "Improper Resource Access Authorization (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.892Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:49.227Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", - "line": 14, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:49.230Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - 
"pk": 106, - "fields": { - "title": "Improper Resource Shutdown or Release (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.168Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:49.387Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", - "line": 40, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:49.390Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 107, - "fields": { - "title": "Information Exposure Through an Error Message (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.825Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:49.551Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", - "line": 58, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:49.553Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 108, - "fields": { - "title": "Blind SQL Injections (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - 
particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.318Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": 
null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:49.693Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", - "line": 30, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:49.698Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 109, - "fields": { - "title": "Reliance on Cookies in a Decision (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 784, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** 
basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.072Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:49.844Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", - "line": 45, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:49.847Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 110, - "fields": { - "title": "Download of Code Without Integrity Check (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - 
"epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.897Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:49.989Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", - "line": 1, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": 
"2021-11-04T09:01:49.992Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 111, - "fields": { - "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 567, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.338Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - 
"last_reviewed": "2021-11-04T09:01:50.130Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", - "line": 93, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:50.133Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 112, - "fields": { - "title": "Empty Password in Connection String (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.753Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:50.269Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", - "line": 1, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:50.272Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 113, - "fields": { - 
"title": "Improper Resource Shutdown or Release (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + 
rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = 
conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.249Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:50.422Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", - "line": 274, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:50.425Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 114, - "fields": { - "title": "Improper Resource Access Authorization (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": 
"Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.091Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:50.580Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - 
"hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", - "line": 14, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:50.583Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 115, - "fields": { - "title": "Session Fixation (logout.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 384, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.561Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:50.754Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", - "line": 3, - "file_path": "/root/logout.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:50.757Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - 
"sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 116, - "fields": { - "title": "Hardcoded Password in Connection String (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.130Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:50.913Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", - "line": 1, - "file_path": "/root/login.jsp", - 
"component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:50.920Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 117, - "fields": { - "title": "Hardcoded Password in Connection String (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** 
\"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.926Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:51.097Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:51.100Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 118, - "fields": { - "title": "Improper Resource Access Authorization (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - 
"sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = 
stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.958Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:51.299Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", - "line": 15, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:51.303Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 119, - "fields": { - "title": "Improper Resource Access Authorization (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": 
"N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.848Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:51.526Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", - "line": 91, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:51.529Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - 
"effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 120, - "fields": { - "title": "Empty Password in Connection String (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.706Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - 
"reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:51.700Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", - "line": 1, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:51.704Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 121, - "fields": { - "title": "Improper Resource Shutdown or Release (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.397Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:51.881Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:51.884Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 122, - "fields": { - "title": "Improper Resource Shutdown or Release (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** 
conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.414Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:52.052Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", - "line": 97, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:52.056Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 123, - "fields": { - "title": "Empty Password in Connection String (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, 
- "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.613Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:52.202Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", - "line": 1, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:52.205Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": 
null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 124, - "fields": { - "title": "Information Exposure Through an Error Message (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.718Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:52.347Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", - "line": 63, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:52.350Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 125, - "fields": { - "title": "Use of Insufficiently Random Values (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 330, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.763Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:52.508Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", - "line": 54, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:52.512Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 126, - "fields": { - "title": "Stored XSS (contact.jsp)", - 
"date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.806Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:52.662Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", - "line": 89, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:52.665Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 127, - "fields": { - "title": "HttpOnlyCookies (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.407Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:52.803Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", - "line": 35, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:52.806Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": 
null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 128, - "fields": { - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 614, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.196Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:52.966Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", - "line": 61, - 
"file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:52.969Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 129, - "fields": { - "title": "Information Exposure Through an Error Message (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.638Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:53.112Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", - "line": 99, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:53.115Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 130, - "fields": { - "title": "Race Condition Format Flaw (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 362, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.011Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:53.269Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", - "line": 51, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:53.272Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 131, - "fields": { - "title": "Stored XSS 
(product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": 
false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.904Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:01:53.424Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", - "line": 49, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:53.428Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 132, - "fields": { - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + 
rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.218Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:53.603Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", - "line": 274, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:53.606Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 133, - "fields": { - "title": "Heap Inspection (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.255Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:53.769Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", - "line": 1, - 
"file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:53.772Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 134, - "fields": { - "title": "CGI Reflected XSS All Clients (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) 
request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.281Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:53.915Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", - "line": 
37, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:53.918Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 135, - "fields": { - "title": "Empty Password in Connection String (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line 
Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.473Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:54.068Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", - "line": 1, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:54.071Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 136, - "fields": { - "title": "Information Exposure Through an Error Message (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": 
null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.733Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:54.216Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", - "line": 98, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:54.219Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 137, - "fields": { - "title": "XSRF (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 352, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 
2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) 
request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.841Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:54.403Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - 
"dynamic_finding": false, - "created": "2021-11-04T09:01:54.406Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 138, - "fields": { - "title": "Download of Code Without Integrity Check (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 
15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.632Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:01:54.581Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:54.584Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 139, - "fields": { - "title": "Improper Resource Access Authorization (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 15, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.056Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:01:54.760Z", - "last_reviewed_by": 1, - "param": null, - 
"payload": null, - "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", - "line": 29, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:01:54.769Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 140, - "fields": { - "title": "SQL Injection (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** 
password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.706Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:27.309Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0", - "line": 30, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:27.312Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - 
"service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 141, - "fields": { - "title": "Download of Code Without Integrity Check (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.743Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:27.476Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5", - "line": 1, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:27.478Z", - 
"scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 142, - "fields": { - "title": "Missing X Frame Options (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 829, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.873Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:27.647Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869", - 
"line": 1, - "file_path": "/root/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:27.650Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 143, - "fields": { - "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - 
"steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.510Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:27.829Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc", - "line": 134, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:27.832Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 144, - "fields": { - "title": "Improper Resource Shutdown or Release (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE 
Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.315Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:27.990Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27", - "line": 25, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:27.993Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": 
null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 145, - "fields": { - "title": "Reflected XSS All Clients (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.470Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:28.177Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828", - "line": 141, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:28.179Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 146, - "fields": { - "title": "HttpOnlyCookies (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.437Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:28.351Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924", - "line": 46, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:28.355Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, 
- "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 147, - "fields": { - "title": "CGI Reflected XSS All Clients (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.359Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:28.522Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166", - "line": 96, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:28.525Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 148, - "fields": { - "title": "Hardcoded Password in Connection String (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - 
Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.175Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:28.689Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33", - "line": 1, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - 
"static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:28.692Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 149, - "fields": { - "title": "Client Insecure Randomness (encryption.js)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 330, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.365Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - 
"mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:28.864Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6", - "line": 127, - "file_path": "/root/js/encryption.js", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:28.867Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 150, - "fields": { - "title": "SQL Injection (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.675Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - 
"last_reviewed": "2021-11-04T09:03:29.036Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:29.039Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 151, - "fields": { - "title": "Stored XSS (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"
\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.756Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:29.190Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7", - "line": 257, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:29.194Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 152, - "fields": { - "title": "CGI Stored XSS (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - 
"cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** 
getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.470Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:29.358Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7", - "line": 31, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:29.361Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - 
"inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 153, - "fields": { - "title": "Not Using a Random IV With CBC Mode (AES.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 329, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.919Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:29.547Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c", - "line": 96, - "file_path": "/src/com/thebodgeitstore/util/AES.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:29.549Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - 
"vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 154, - "fields": { - "title": "Collapse of Data Into Unsafe Value (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 182, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 
37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.411Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:29.698Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597", - "line": 37, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:29.701Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 155, - "fields": { - "title": "Stored Boundary Violation (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 
646, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.244Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - 
"mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:29.848Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca", - "line": 22, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:29.850Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 156, - "fields": { - "title": "Hardcoded Password in Connection String (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.069Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:29.989Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c", - "line": 1, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:29.992Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - 
"found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 157, - "fields": { - "title": "Blind SQL Injections (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 
16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.270Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:30.136Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:30.139Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - 
"pk": 158, - "fields": { - "title": "Heap Inspection (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.316Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:30.279Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e", - "line": 10, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:30.281Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - 
"sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 159, - "fields": { - "title": "Use of Cryptographically Weak PRNG (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 338, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.624Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - 
"mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:30.448Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195", - "line": 24, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:30.451Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 160, - "fields": { - "title": "Trust Boundary Violation (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 501, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line 
Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.593Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": 
"S2", - "last_reviewed": "2021-11-04T09:03:30.594Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019", - "line": 22, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:30.598Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 161, - "fields": { - "title": "Information Exposure Through an Error Message (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.557Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:30.751Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00", - "line": 53, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:30.754Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 162, - "fields": { - "title": "Reliance on Cookies in a Decision (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 784, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId 
+\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.056Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:30.910Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717", - "line": 280, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:30.913Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 163, - "fields": { - "title": "Empty Password in 
Connection String (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.658Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:31.073Z", - 
"last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f", - "line": 1, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:31.075Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 164, - "fields": { - "title": "Improper Resource Access Authorization (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.993Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": 
null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:31.225Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:31.228Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 165, - "fields": { - "title": "Client Cross Frame Scripting Attack (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - 
"severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.567Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:31.379Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:31.382Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 166, - "fields": { - "title": "Hardcoded Password in Connection String (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.160Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 
1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:31.520Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905", - "line": 1, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:31.524Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 167, - "fields": { - "title": "HttpOnlyCookies in Config (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - 
"out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.484Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:31.672Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c", - "line": 1, - "file_path": "/root/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:31.675Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 168, - "fields": { - "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 
40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.153Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:31.821Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08", - "line": 130, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:31.824Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 169, - "fields": { - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 614, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.181Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:31.973Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03", - "line": 56, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:31.976Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 170, - "fields": { - "title": "CGI Reflected XSS All Clients (login.jsp)", - "date": 
"2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.313Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:32.127Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800", - "line": 78, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:32.130Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 171, - "fields": { - "title": "Suspected XSS (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.291Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:32.272Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17", - "line": 57, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:32.275Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 172, - "fields": { - "title": "Hardcoded Password in Connection String (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.006Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:32.424Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625", - "line": 1, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:32.427Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - 
"vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 173, - "fields": { - "title": "Hardcoded Password in Connection String (dbconnection.jspf)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": 
"N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.022Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:32.576Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904", - "line": 1, - "file_path": "/root/dbconnection.jspf", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:32.579Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 174, - "fields": { - "title": "Empty Password in Connection String (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.691Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:32.746Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653", - "line": 1, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:32.750Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - 
"sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 175, - "fields": { - "title": "Download of Code Without Integrity Check (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.711Z", - "review_requested_by": null, - "under_defect_review": false, - 
"defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:32.906Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698", - "line": 1, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:32.910Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 176, - "fields": { - "title": "Information Exposure Through an Error Message (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.670Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:33.071Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63", - "line": 41, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:33.073Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 177, - "fields": { - "title": "SQL Injection (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) 
request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.644Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:33.227Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce", - "line": 15, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:33.230Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - 
"inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 178, - "fields": { - "title": "Empty Password in Connection String (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.427Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": 
null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:33.392Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:33.396Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 179, - "fields": { - "title": "CGI Stored XSS (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** 
rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.535Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:33.583Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c", - "line": 19, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:33.589Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - 
"planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 180, - "fields": { - "title": "Plaintext Storage in a Cookie (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 315, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.948Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:33.755Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81", - "line": 84, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:33.758Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 181, - "fields": { - "title": "Information Exposure Through an Error Message (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.622Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:33.917Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c", - "line": 75, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:33.921Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 182, - "fields": { - "title": "Hardcoded Password in Connection String (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure 
cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.974Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:34.096Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f", - "line": 1, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": 
true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:34.101Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 183, - "fields": { - "title": "Stored XSS (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.741Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:34.258Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05", - "line": 21, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:34.261Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, 
- "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 184, - "fields": { - "title": "Download of Code Without Integrity Check (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.615Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:34.454Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4", - "line": 1, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:34.457Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 185, - "fields": { - "title": "Empty Password in Connection String (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.597Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:34.627Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:34.632Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 186, - "fields": { - "title": "Heap Inspection (login.jsp)", - "date": "2019-11-17", - "sla_start_date": 
null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.286Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:34.807Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2", - "line": 8, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:34.811Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - 
"publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 187, - "fields": { - "title": "Download of Code Without Integrity Check (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.804Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": 
false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:34.989Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447", - "line": 1, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:34.992Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 188, - "fields": { - "title": "Session Fixation (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 384, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.531Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:35.143Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21", - "line": 48, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:35.146Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 189, - "fields": { - "title": "Stored XSS (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) 
{\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.955Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:35.305Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c", - "line": 49, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:35.308Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - 
"publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 190, - "fields": { - "title": "Empty Password in Connection String (dbconnection.jspf)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, 
- "last_status_update": "2025-01-17T16:52:16.489Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:35.484Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659", - "line": 1, - "file_path": "/root/dbconnection.jspf", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:35.488Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 191, - "fields": { - "title": "Hardcoded Password in Connection String (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.099Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:35.652Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:35.655Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - 
"vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 192, - "fields": { - "title": "Reflected XSS All Clients (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", 
\"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.515Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:35.811Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08", - "line": 37, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:35.814Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - 
"sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 193, - "fields": { - "title": "HttpOnlyCookies (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.361Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:35.980Z", - 
"last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932", - "line": 38, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:35.984Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 194, - "fields": { - "title": "Download of Code Without Integrity Check (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", - "mitigation": "N/A", - 
"impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.851Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:36.148Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f", - "line": 1, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:36.152Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 195, - "fields": { - "title": "Stored XSS (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = 
rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"
\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.870Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:36.359Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02", - "line": 31, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:36.364Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 196, - "fields": { - "title": "Empty Password in Connection String (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - 
"cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.567Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:36.552Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36", - "line": 1, - "file_path": "/root/home.jsp", - "component_name": null, - 
"component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:36.557Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 197, - "fields": { - "title": "Reflected XSS All Clients (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + 
basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.563Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:36.756Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1", - "line": 96, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:36.760Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 198, - "fields": { - "title": "Improper Resource Access Authorization (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - 
"duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.009Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:36.938Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628", - "line": 42, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:36.944Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 199, - "fields": { - "title": "Download of Code Without Integrity Check (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.773Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:37.127Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf", - "line": 1, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - 
"created": "2021-11-04T09:03:37.131Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 200, - "fields": { - "title": "Download of Code Without Integrity Check (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - 
"last_status_update": "2025-01-17T16:52:14.866Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:37.333Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab", - "line": 1, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:37.335Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 201, - "fields": { - "title": "Improper Resource Access Authorization (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.815Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:37.526Z", 
- "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f", - "line": 55, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:37.529Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 202, - "fields": { - "title": "Race Condition Format Flaw (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 362, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - 
"under_review": false, - "last_status_update": "2025-01-17T16:52:17.995Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:37.701Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a", - "line": 262, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:37.704Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 203, - "fields": { - "title": "Empty Password in Connection String (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.536Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:37.900Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e", - "line": 89, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:37.904Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 204, - "fields": { - "title": "Improper Resource Access 
Authorization (FunctionalZAP.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.769Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:38.093Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725", - "line": 31, - "file_path": "/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:38.097Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 205, - "fields": { - "title": "Suspected XSS (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.260Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:38.265Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a", - "line": 89, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:38.273Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - 
} -}, -{ - "model": "dojo.finding", - "pk": 206, - "fields": { - "title": "Use of Cryptographically Weak PRNG (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 338, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.655Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:38.480Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:38.494Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 207, - "fields": { - "title": "CGI Stored XSS (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.501Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:38.720Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20", - "line": 49, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:38.726Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 208, - "fields": { - "title": "Improper Resource Shutdown or Release (init.jsp)", - "date": "2019-11-17", - "sla_start_date": 
null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source 
Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source 
Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.363Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:38.918Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:38.922Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 209, - "fields": { - "title": "Download of Code Without Integrity Check (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": 
null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.695Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:39.095Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2", - "line": 87, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:39.098Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - 
"planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 210, - "fields": { - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page 
import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.234Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:39.256Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", - "line": 274, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:39.259Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 211, - "fields": { - "title": "Blind SQL Injections (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - 
"out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.255Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:39.461Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551", - "line": 15, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:39.465Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 212, - "fields": { - "title": "Client DOM Open Redirect (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 601, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.350Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:39.627Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93", - "line": 48, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:39.630Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 213, - "fields": 
{ - "title": "Hardcoded Password in Connection String (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.224Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": 
"2021-11-04T09:03:39.784Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea", - "line": 1, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:39.787Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 214, - "fields": { - "title": "CGI Stored XSS (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source 
Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.423Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:39.933Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242", - "line": 257, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:39.936Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 215, - "fields": { - "title": "Use of Insufficiently Random Values (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 330, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - 
"description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.809Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:40.129Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:40.133Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", 
- "pk": 216, - "fields": { - "title": "Missing X Frame Options (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 829, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.889Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:40.288Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3", - "line": 1, - "file_path": "/build/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:40.291Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - 
"nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 217, - "fields": { - "title": "Reflected XSS All Clients (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.578Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:40.452Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06", - "line": 18, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:40.455Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 218, - "fields": { - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 614, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data 
Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.134Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:40.621Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb", - "line": 84, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:40.624Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 219, - "fields": { - "title": "Information Exposure Through an Error Message (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line 
Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.795Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:40.777Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9", - "line": 37, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:40.780Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 220, - "fields": { - "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 321, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - 
Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.732Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:40.984Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be", - "line": 26, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:40.990Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 221, - "fields": { - "title": "Reliance on Cookies in a Decision (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 784, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.103Z", - "review_requested_by": 
null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:41.158Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41", - "line": 56, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:41.162Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 222, - "fields": { - "title": "Stored XSS (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.839Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:41.402Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e", - "line": 68, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:41.406Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 223, - "fields": { - "title": "CGI Stored XSS (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 
16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.375Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:41.596Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991", - "line": 21, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - 
"dynamic_finding": false, - "created": "2021-11-04T09:03:41.600Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 224, - "fields": { - "title": "Heap Inspection (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.345Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:41.769Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd", - "line": 7, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:41.772Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 225, - "fields": { - "title": "Improper Resource Shutdown or Release (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.493Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:41.944Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992", - "line": 57, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:41.947Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 226, - "fields": { - "title": "Information Exposure Through an Error Message (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" 
+ e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.780Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:42.126Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19", - "line": 70, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:42.129Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 227, - "fields": { - "title": "Improper Resource Access Authorization (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.922Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:42.296Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610", - "line": 1, - "file_path": "/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:42.301Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": 
null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 228, - "fields": { - "title": "CGI Stored XSS (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** 
session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.455Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:42.479Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d", - "line": 29, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:42.482Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - 
"sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 229, - "fields": { - "title": "Blind SQL Injections (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + 
Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.204Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:42.667Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31", - "line": 173, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:42.670Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - 
} -}, -{ - "model": "dojo.finding", - "pk": 230, - "fields": { - "title": "HttpOnlyCookies in Config (web.xml)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.469Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:42.855Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0", - "line": 1, - "file_path": "/build/WEB-INF/web.xml", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:42.875Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": 
null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 231, - "fields": { - "title": "Use of Hard Coded Cryptographic Key (AES.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 321, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.702Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:43.249Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b", - "line": 53, - "file_path": "/src/com/thebodgeitstore/util/AES.java", - "component_name": null, - "component_version": 
null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:43.252Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 232, - "fields": { - "title": "Improper Resource Shutdown or Release (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 
13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.445Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:43.516Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201", - "line": 14, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:43.521Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - 
"nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 233, - "fields": { - "title": "CGI Reflected XSS All Clients (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.266Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:43.811Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02", - "line": 141, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:43.816Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 234, - "fields": { - "title": "Stored XSS (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.922Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:44.082Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d", - "line": 19, - 
"file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:44.090Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 235, - "fields": { - "title": "Information Exposure Through an Error Message (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.573Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:44.305Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd", - "line": 65, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:44.309Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 236, - "fields": { - "title": "Improper Resource Access Authorization (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.123Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:44.500Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10", - "line": 14, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:44.506Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 237, - "fields": { - "title": "Improper Resource Access Authorization (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.876Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:44.700Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17", - "line": 14, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:44.703Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 
238, - "fields": { - "title": "Improper Resource Shutdown or Release (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.185Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:44.930Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6", - "line": 40, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:44.936Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 239, - "fields": { - "title": "Information Exposure Through an Error Message (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.841Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:45.147Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2", - "line": 58, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:45.150Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 240, - "fields": { - "title": "Blind SQL Injections (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly 
SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.302Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - 
"reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:45.382Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336", - "line": 30, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:45.387Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 241, - "fields": { - "title": "Reliance on Cookies in a Decision (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 784, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** 
basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.087Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:45.583Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9", - "line": 45, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:45.588Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 242, - "fields": { - "title": "Download of Code Without Integrity Check (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - 
"epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.911Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:45.806Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a", - "line": 1, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:45.816Z", 
- "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 243, - "fields": { - "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 567, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.322Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:46.034Z", 
- "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87", - "line": 93, - "file_path": "/src/com/thebodgeitstore/search/AdvancedSearch.java", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:46.040Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 244, - "fields": { - "title": "Empty Password in Connection String (search.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.738Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:46.316Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95", - "line": 1, - "file_path": "/root/search.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:46.325Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 245, - "fields": { - "title": "Improper Resource Shutdown or Release 
(basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 
383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where 
basketid=\" + basketId +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.201Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:46.567Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", - "line": 274, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:46.571Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 246, - "fields": { - "title": "Improper Resource Access Authorization (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.074Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:46.793Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - 
"hash_code": "5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40", - "line": 14, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:46.801Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 247, - "fields": { - "title": "Session Fixation (logout.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 384, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.546Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:47.002Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10", - "line": 3, - "file_path": "/root/logout.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:47.007Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - 
"sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 248, - "fields": { - "title": "Hardcoded Password in Connection String (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.115Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:47.225Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd", - "line": 1, - "file_path": "/root/login.jsp", - 
"component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:47.229Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 249, - "fields": { - "title": "Hardcoded Password in Connection String (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 547, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** 
\"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.942Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:47.440Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:47.445Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 250, - "fields": { - "title": "Improper Resource Access Authorization (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - 
"sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = 
stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.938Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:47.659Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1", - "line": 15, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:47.662Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 251, - "fields": { - "title": "Improper Resource Access Authorization (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": 
"N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.862Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:47.864Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9", - "line": 91, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:47.867Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - 
"effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 252, - "fields": { - "title": "Empty Password in Connection String (score.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.722Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 
1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:48.015Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44", - "line": 1, - "file_path": "/root/score.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:48.018Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 253, - "fields": { - "title": "Improper Resource Shutdown or Release (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.380Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:48.171Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:48.175Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 254, - "fields": { - "title": "Improper Resource Shutdown or Release (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** 
conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.429Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:48.378Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28", - "line": 97, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:48.382Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 255, - "fields": { - "title": "Empty Password in Connection String (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - 
"sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.628Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:48.560Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296", - "line": 1, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:48.563Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, 
- "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 256, - "fields": { - "title": "Information Exposure Through an Error Message (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.702Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:48.755Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb", - "line": 63, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:48.761Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 257, - "fields": { - "title": "Use of Insufficiently Random Values (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 330, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.748Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:48.954Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88", - "line": 54, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:48.957Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 258, - "fields": { - "title": "Stored XSS (contact.jsp)", - 
"date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, 
- "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.788Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:49.157Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d", - "line": 89, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:49.162Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 259, - "fields": { - "title": "HttpOnlyCookies (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 10706, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.391Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:49.535Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3", - "line": 35, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:49.539Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, 
- "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 260, - "fields": { - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 614, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.211Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:49.716Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99", - "line": 61, - "file_path": 
"/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:49.721Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 261, - "fields": { - "title": "Information Exposure Through an Error Message (header.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.654Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:49.923Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215", - "line": 99, - "file_path": "/root/header.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:49.927Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 262, - "fields": { - "title": "Race Condition Format Flaw (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 362, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.026Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:50.131Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1", - "line": 51, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:50.136Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 263, - "fields": { - "title": "Stored XSS (product.jsp)", 
- "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": 
false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.887Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:50.345Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2", - "line": 49, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:50.351Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 264, - "fields": { - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + 
rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.282Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:50.571Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1", - "line": 274, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:50.575Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 265, - "fields": { - "title": "Heap Inspection (init.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 244, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.240Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:50.772Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f", - "line": 1, - "file_path": 
"/root/init.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:50.779Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 266, - "fields": { - "title": "CGI Reflected XSS All Clients (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line 
Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.298Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:50.988Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8", - "line": 37, - "file_path": "/root/contact.jsp", - 
"component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:50.992Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 267, - "fields": { - "title": "Empty Password in Connection String (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 259, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** 
\"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.458Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:51.206Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6", - "line": 1, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:51.212Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 268, - "fields": { - "title": "Information Exposure Through an Error Message (product.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 209, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - 
"description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.749Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:51.380Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49", - "line": 98, - "file_path": "/root/product.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:51.383Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 269, - "fields": { - "title": "XSRF (password.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 352, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 
2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) 
request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.824Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:51.541Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473", - "line": 24, - "file_path": "/root/password.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - 
"dynamic_finding": false, - "created": "2021-11-04T09:03:51.544Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 270, - "fields": { - "title": "Download of Code Without Integrity Check (advanced.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 
16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.648Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:51.719Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f", - "line": 1, - "file_path": "/root/advanced.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:51.721Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 271, - "fields": { - "title": "Improper Resource Access Authorization (register.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.041Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:51.872Z", - "last_reviewed_by": 1, - "param": null, - 
"payload": null, - "hash_code": "d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5", - "line": 29, - "file_path": "/root/register.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:51.877Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 272, - "fields": { - "title": "Download of Code Without Integrity Check (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 494, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** 
forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.664Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:52.046Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e", - "line": 1, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:52.049Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 273, - "fields": { - "title": "Improper Resource Access Authorization (admin.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 285, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": 
"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - 
"references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.800Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:52.205Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099", - "line": 12, - "file_path": "/root/admin.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:52.209Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 274, - "fields": { - "title": "Use of Cryptographically Weak PRNG (contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 338, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.609Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:52.385Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2", - "line": 54, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:52.388Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 275, - "fields": { - "title": "Improper Resource Shutdown or Release 
(contact.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-03-16", - "cwe": 404, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** 
prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:17.298Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-04T09:03:52.568Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b", - "line": 29, - "file_path": "/root/contact.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:52.571Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - 
"publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 276, - "fields": { - "title": "Reflected XSS All Clients (login.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 79, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.531Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:52.766Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e", - "line": 78, - "file_path": "/root/login.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:52.771Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 277, - "fields": { - "title": "Use of Insufficiently Random Values (home.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2020-02-15", - "cwe": 330, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.778Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-04T09:03:52.933Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a", - "line": 24, - "file_path": "/root/home.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:52.938Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 
- ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 278, - "fields": { - "title": "SQL Injection (basket.jsp)", - "date": "2019-11-17", - "sla_start_date": null, - "sla_expiration_date": "2019-12-17", - "cwe": 89, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "High", - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** 
stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", - "mitigation": "N/A", - "impact": "N/A", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 16, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.612Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-04T09:03:53.121Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9", - "line": 173, - "file_path": "/root/basket.jsp", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-04T09:03:53.124Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 12 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 279, - "fields": { - "title": "Test", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": null, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "No url given", - "severity": 
"Info", - "description": "asdf", - "mitigation": "adf", - "impact": "asdf", - "steps_to_reproduce": "", - "severity_justification": "", - "references": "No references given", - "test": 19, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.675Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": null, - "last_reviewed_by": null, - "param": null, - "payload": null, - "hash_code": "df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-04T09:36:25.003Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 3 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 280, - "fields": { - "title": "Notepad++.exe | CVE-2007-2666", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 1035, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory 
Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n", - "test": 25, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.440Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S1", - "last_reviewed": "2021-11-05T06:44:35.859Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a", - "line": null, - "file_path": "notepad++.exe", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T06:44:35.863Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 17 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 281, - "fields": { - "title": "Notepad++.exe | CVE-2008-3436", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 1035, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: 
http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n", - "test": 25, - "active": false, - "verified": false, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.456Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-05T06:44:36.137Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb", - "line": null, - "file_path": "notepad++.exe", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T06:44:36.140Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 17 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 282, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious 
Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.352Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:06.480Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:06.484Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 283, - "fields": { - "title": ".NET Debugging Enabled", - "date": "2021-11-03", - 
"sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Medium", - "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.001Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T06:46:06.674Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:06.676Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - 
"inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 284, - "fields": { - "title": "URL Request Gets Path From Variable", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Low", - "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.127Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T06:46:06.854Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:06.857Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - 
"nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 285, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.513Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:07.052Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:07.054Z", - "scanner_confidence": null, - 
"sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 286, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.481Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:07.231Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - 
"file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:07.234Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 287, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.467Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - 
"numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:07.426Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:07.429Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 288, - "fields": { - "title": ".NET Debugging Enabled", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Medium", - "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. 
This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.986Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T06:46:07.616Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:07.619Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 289, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - 
"cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.452Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:07.815Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:07.818Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 290, - "fields": { - "title": "Comment Indicates Potentially 
Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.438Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:08.021Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:08.024Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, 
- "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 291, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.423Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:08.212Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:08.214Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": 
null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 292, - "fields": { - "title": "URL Request Gets Path From Variable", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Low", - "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.157Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T06:46:08.405Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - 
"created": "2021-11-05T06:46:08.407Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 293, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.408Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:08.574Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:08.576Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 294, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.395Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - 
"mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:08.770Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:08.774Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 295, - "fields": { - "title": "URL Request Gets Path From Variable", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Low", - "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.142Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T06:46:08.991Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:08.994Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 296, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": 
null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.528Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:09.155Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:09.157Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 297, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.496Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:09.334Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:09.337Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - 
"planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 298, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.381Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:09.511Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:09.514Z", - "scanner_confidence": null, - "sonarqube_issue": null, - 
"unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 299, - "fields": { - "title": "Comment Indicates Potentially Unfinished Code", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. 
Try to set it to null or something.\n", - "mitigation": "", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": null, - "test": 26, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.366Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:46:09.697Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": false, - "created": "2021-11-05T06:46:09.700Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 28 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 300, - "fields": { - "title": "Password Field With Autocomplete Enabled", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Low", - "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a 
form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", - "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", - "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.095Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:17.890Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 301, - "fields": { - "title": "Frameable Response (Potential Clickjacking)", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: 
http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", - "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", - "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. 
However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.606Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:18.169Z", - "scanner_confidence": 4, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 302, - "fields": { - "title": "Cross-Site Scripting (Reflected)", - "date": "2021-11-03", - 
"sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", - "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.375Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": 
"2021-11-05T06:47:18.645Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 303, - "fields": { - "title": "Unencrypted Communications", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Low", - "description": "URL: http://localhost:8888/\n\n\n", - "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", - "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.173Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": 
null, - "payload": null, - "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:18.860Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 304, - "fields": { - "title": "Password Returned in Later Response", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Medium", - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", - "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", - "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. 
This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.078Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:19.072Z", - "scanner_confidence": 7, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 305, - "fields": { - "title": "Email Addresses Disclosed", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", - "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider 
hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", - "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.590Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:19.278Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - 
"sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 306, - "fields": { - "title": "Cross-Site Request Forgery", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", - "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. 
However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n", - "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.543Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:19.559Z", - "scanner_confidence": 7, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 307, - "fields": { - "title": "SQL Injection", 
- "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\n \nThe database appears to be Microsoft SQL Server.\n\n", - "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", - "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.422Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:19.783Z", - "scanner_confidence": 4, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 308, - "fields": { - "title": "Path-Relative Style Sheet Import", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, 
- "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", - "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.639Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - 
"mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:20.049Z", - "scanner_confidence": 7, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 309, - "fields": { - "title": "Cleartext Submission of Password", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following 
action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", - "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", - "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 28, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.346Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-05T06:47:38.584Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T06:47:20.461Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 310, - "fields": { - "title": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.187Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:18.064Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:18.067Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } 
-}, -{ - "model": "dojo.finding", - "pk": 311, - "fields": { - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.219Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:18.317Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:18.320Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - 
"reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 312, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.981Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:18.590Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:18.592Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - 
"planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 313, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.951Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:18.813Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:18.815Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - 
"service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 314, - "fields": { - "title": "SQL String Formatting-G201", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.094Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:19.000Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/sqli/function.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:19.003Z", - "scanner_confidence": null, - 
"sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 315, - "fields": { - "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.017Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:19.199Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5", - "line": null, - "file_path": "/vagrant/go/src/govwa/user/user.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - 
"created": "2021-11-05T07:07:19.202Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 316, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.997Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:19.409Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", - "component_name": null, - "component_version": null, 
- "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:19.412Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 317, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.935Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:19.618Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af", - "line": null, - "file_path": 
"/vagrant/go/src/govwa/vulnerability/csa/csa.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:19.621Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 318, - "fields": { - "title": "Use of Weak Cryptographic Primitive-G401", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.140Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:19.848Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:19.850Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 319, - "fields": { - "title": "Use of Weak Cryptographic Primitive-G401", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.124Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:20.054Z", - 
"last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4", - "line": null, - "file_path": "/vagrant/go/src/govwa/user/user.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:20.057Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 320, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.966Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": 
"2021-11-05T07:07:20.246Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", - "line": null, - "file_path": "/vagrant/go/src/govwa/util/template.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:20.248Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 321, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.889Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - 
"mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:20.438Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", - "line": null, - "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:20.441Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 322, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.048Z", - "review_requested_by": null, - "under_defect_review": false, - 
"defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:20.631Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de", - "line": null, - "file_path": "/vagrant/go/src/govwa/util/middleware/middleware.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:20.634Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 323, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.857Z", - 
"review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:20.808Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95", - "line": null, - "file_path": "/vagrant/go/src/govwa/app.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:20.811Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 324, - "fields": { - "title": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.236Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:21.002Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:21.004Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, 
-{ - "model": "dojo.finding", - "pk": 325, - "fields": { - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.203Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:21.189Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:21.191Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - 
"reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 326, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.904Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:21.366Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", - "line": null, - "file_path": "/vagrant/go/src/govwa/setting/setting.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:21.369Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - 
"planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 327, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.919Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:21.559Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed", - "line": null, - "file_path": "/vagrant/go/src/govwa/setting/setting.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:21.561Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - 
"service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 328, - "fields": { - "title": "Use of Weak Cryptographic Primitive-G401", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.109Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:21.741Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:21.744Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - 
"sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 329, - "fields": { - "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.032Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:21.928Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/csa/csa.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:21.930Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - 
"vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 330, - "fields": { - "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.048Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:22.121Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": 
"2021-11-05T07:07:22.124Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 331, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.014Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:22.306Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a", - "line": null, - "file_path": "/vagrant/go/src/govwa/util/cookie.go", - "component_name": null, - "component_version": null, - "static_finding": 
true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:22.308Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 332, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:15.873Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:22.548Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", - "component_name": 
null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:22.551Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 333, - "fields": { - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.156Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:22.771Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": 
"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/xss/xss.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:22.773Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 334, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.081Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:22.986Z", - "last_reviewed_by": 
1, - "param": null, - "payload": null, - "hash_code": "b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3", - "line": null, - "file_path": "/vagrant/go/src/govwa/vulnerability/idor/idor.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:22.989Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 335, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.065Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - 
"last_reviewed": "2021-11-05T07:07:23.200Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa", - "line": null, - "file_path": "/vagrant/go/src/govwa/user/user.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:23.204Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 336, - "fields": { - "title": "Errors Unhandled.-G104", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Low", - "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.030Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - 
"mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T07:07:23.486Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab", - "line": null, - "file_path": "/vagrant/go/src/govwa/util/template.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:23.489Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 337, - "fields": { - "title": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": "N/A", - "severity": "Medium", - "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", - "mitigation": "coming soon", - "impact": "", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 31, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.172Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T07:07:23.717Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66", - "line": null, - "file_path": "/vagrant/go/src/govwa/util/template.go", - "component_name": null, - "component_version": null, - "static_finding": true, - "dynamic_finding": false, - "created": "2021-11-05T07:07:23.721Z", - "scanner_confidence": null, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 30 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": 
"dojo.finding", - "pk": 338, - "fields": { - "title": "Password Field With Autocomplete Enabled", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Low", - "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", - "mitigation": "\n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n", - "impact": "Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. 
If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.111Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T10:43:05.943Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:05.946Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 339, - "fields": { - "title": 
"Frameable Response (Potential Clickjacking)", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", - "mitigation": "\n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n", - "impact": "If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. 
By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.622Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T10:43:06.233Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:06.237Z", - "scanner_confidence": 4, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - 
"sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 340, - "fields": { - "title": "Cross-Site Scripting (Reflected)", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. 
For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", - "impact": "Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. 
And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. 
\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.391Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-05T10:43:06.738Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:06.742Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 341, - "fields": { - "title": "Unencrypted Communications", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-03-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Low", - "description": "URL: 
http://localhost:8888/\n\n\n", - "mitigation": "\n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n", - "impact": "The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:16.189Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S3", - "last_reviewed": "2021-11-05T10:43:07.036Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:07.038Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": 
[], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 342, - "fields": { - "title": "Password Returned in Later Response", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2022-02-01", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Medium", - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", - "mitigation": "\n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n", - "impact": "Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:14.063Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S2", - "last_reviewed": "2021-11-05T10:43:07.294Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:07.297Z", - "scanner_confidence": 7, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 343, - "fields": { - "title": "Email Addresses Disclosed", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: 
http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", - "mitigation": "\n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n", - "impact": "The presence of email addresses within application responses does not necessarily constitute a security vulnerability. 
Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.575Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T10:43:07.545Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:07.547Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - 
"effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 344, - "fields": { - "title": "Cross-Site Request Forgery", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", - "mitigation": "\n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\n", - "impact": "Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.559Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T10:43:07.885Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:07.888Z", - "scanner_confidence": 7, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 345, - "fields": { - "title": "SQL Injection", 
- "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\n \nThe database appears to be Microsoft SQL Server.\n\n", - "mitigation": "The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n", - "impact": "SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.406Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-05T10:43:08.140Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:08.144Z", - "scanner_confidence": 4, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 346, - "fields": { - "title": "Path-Relative Style Sheet Import", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": null, 
- "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "Info", - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", - "impact": "Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. 
When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:18.658Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - 
"mitigated_by": null, - "reporter": 1, - "numerical_severity": "S4", - "last_reviewed": "2021-11-05T10:43:08.437Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:08.440Z", - "scanner_confidence": 7, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.finding", - "pk": 347, - "fields": { - "title": "Cleartext Submission of Password", - "date": "2021-11-03", - "sla_start_date": null, - "sla_expiration_date": "2021-12-03", - "cwe": 0, - "cve": null, - "epss_score": null, - "epss_percentile": null, - "cvssv3": null, - "cvssv3_score": null, - "url": null, - "severity": "High", - "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following 
action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", - "mitigation": "\n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n", - "impact": "Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n", - "steps_to_reproduce": null, - "severity_justification": null, - "references": "", - "test": 32, - "active": true, - "verified": true, - "false_p": false, - "duplicate": false, - "duplicate_finding": null, - "out_of_scope": false, - "risk_accepted": false, - "under_review": false, - "last_status_update": "2025-01-17T16:52:13.360Z", - "review_requested_by": null, - "under_defect_review": false, - "defect_review_requested_by": null, - "is_mitigated": false, - "thread_id": 0, - "mitigated": null, - "mitigated_by": null, - "reporter": 1, - "numerical_severity": "S1", - "last_reviewed": "2021-11-05T10:43:08.902Z", - "last_reviewed_by": 1, - "param": null, - "payload": null, - "hash_code": "cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c", - "line": null, - "file_path": null, - "component_name": null, - "component_version": null, - "static_finding": false, - "dynamic_finding": true, - "created": "2021-11-05T10:43:08.906Z", - "scanner_confidence": 1, - "sonarqube_issue": null, - "unique_id_from_tool": null, - "vuln_id_from_tool": null, - "sast_source_object": null, - "sast_sink_object": null, - "sast_source_line": null, - "sast_source_file_path": null, - "nb_occurences": null, - "publish_date": null, - "service": null, - "planned_remediation_date": null, - "planned_remediation_version": null, - "effort_for_fixing": null, - "reviewers": [], - "notes": [], - "files": [], - "found_by": [ - 9 - ], - "tags": [], - "inherited_tags": [] - } -}, -{ - "model": "dojo.stub_finding", - "pk": 2, - "fields": { - "title": "test stub finding 1", - "date": "2021-03-09", - "severity": "High", - "description": "test stub finding", - "test": 3, - "reporter": 1 - } -}, -{ - "model": "dojo.stub_finding", - "pk": 3, - "fields": { - "title": "test stub finding 2", - "date": "2021-03-09", - "severity": "High", - 
"description": "test stub finding", - "test": 14, - "reporter": 1 - } -}, -{ - "model": "dojo.stub_finding", - "pk": 4, - "fields": { - "title": "test stub finding 3", - "date": "2021-03-09", - "severity": "High", - "description": "test stub finding", - "test": 13, - "reporter": 1 - } -}, -{ - "model": "dojo.finding_template", - "pk": 1, - "fields": { - "title": "XSS template", - "cwe": null, - "cve": null, - "cvssv3": null, - "severity": "High", - "description": "XSS test template", - "mitigation": "", - "impact": "", - "references": "", - "last_used": null, - "numerical_severity": null, - "template_match": false, - "template_match_title": false, - "tags": [] - } -}, -{ - "model": "dojo.finding_template", - "pk": 2, - "fields": { - "title": "SQLi template", - "cwe": null, - "cve": null, - "cvssv3": null, - "severity": "High", - "description": "SQLi test template", - "mitigation": "", - "impact": "", - "references": "", - "last_used": null, - "numerical_severity": null, - "template_match": false, - "template_match_title": false, - "tags": [] - } -}, -{ - "model": "dojo.finding_template", - "pk": 3, - "fields": { - "title": "CSRF template", - "cwe": null, - "cve": null, - "cvssv3": null, - "severity": "MEDIUM", - "description": "CSRF test template", - "mitigation": "", - "impact": "", - "references": "", - "last_used": null, - "numerical_severity": null, - "template_match": false, - "template_match_title": false, - "tags": [] - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 1, - "fields": { - "finding": 300, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 2, - "fields": { - "finding": 300, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": 
"dojo.burprawrequestresponse", - "pk": 3, - "fields": { - "finding": 300, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 4, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 5, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ
1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU
0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 6, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand
2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0p
rT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 7, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 8, - "fields": { - "finding": 301, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 9, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": 
"dojo.burprawrequestresponse", - "pk": 10, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 11, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 12, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 13, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0Nqe
DBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqe
GljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 14, - "fields": { - "finding": 301, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 15, - "fields": { - "finding": 301, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmpiM0psTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM5aFltOTFkQzVxYzNBTkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 16, - "fields": { - "finding": 301, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 17, - "fields": { - "finding": 301, - "burpRequestBase64": 
"UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 18, - "fields": { - "finding": 301, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 19, - "fields": { - "finding": 302, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 20, - "fields": { - "finding": 302, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 21, - "fields": { - "finding": 304, - "burpRequestBase64": "VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKblZ6WlhKdVlXMWxQUT09", - "burpResponseBase64": 
"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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 22, - "fields": { - "finding": 305, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 23, - "fields": { - "finding": 305, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 24, - "fields": { - "finding": 305, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 25, - "fields": { - "finding": 305, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 26, - "fields": { - "finding": 305, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 27, - "fields": { - "finding": 305, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": 
"dojo.burprawrequestresponse", - "pk": 28, - "fields": { - "finding": 305, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0Nqe
GpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJsZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnb
zhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 29, - "fields": { - "finding": 305, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 30, - "fields": { - "finding": 305, - "burpRequestBase64": "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", - "burpResponseBase64": 
"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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 31, - "fields": { - "finding": 306, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 32, - "fields": { - "finding": 307, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 33, - "fields": { - "finding": 307, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU5DQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2xONWMzUmxiU0JsY25KdmNpNEtEUW9LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5a
U0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFj
M0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLRFFvOGNDQnpkSGxzWlQwaVkyOXNiM0k2Y21Wa0lqNVpiM1VnYzNWd2NHeHBaV1FnWVc0Z2FXNTJZV3hwWkNCdVlXMWxJRzl5SUhCaGMzTjNiM0prTGp3dmNENEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 34, - "fields": { - "finding": 307, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 35, - "fields": { - "finding": 307, - "burpRequestBase64": 
"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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 36, - "fields": { - "finding": 308, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 37, - "fields": { - "finding": 308, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 38, - "fields": { - "finding": 308, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 39, - "fields": { - "finding": 308, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwyRmliM1YwTG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSXlOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ284SVVSUFExUlpVRVVnU0ZSTlRDQlFWVUpNU1VNZ0lpMHZMMWN6UXk4dlJGUkVJRWhVVFV3Z015NHlMeTlGVGlJK0NqeG9kRzFzUGdvOGFHVmhaRDRLUEhScGRHeGxQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzkwYVhSc1pUNEtQR3hwYm1zZ2FISmxaajBpYzNSNWJHVXVZM056SWlCeVpXdzlJbk4wZVd4bGMyaGxaWFFpSUhSNWNHVTlJblJsZUhRdlkzTnpJaUF2UGdvOGMyTnlhWEIwSUhSNWNHVTlJblJsZUhRdmFtRjJZWE5qY21sd2RDSWdjM0pqUFNJdUwycHpMM1YwYVd3dWFuTWlQand2YzJOeWFYQjBQZ284TDJobFlXUStDanhpYjJSNVBnb0tQR05sYm5SbGNqNEtQSFJoWW14bElIZHBaSFJvUFNJNE1DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSElnUWtkRFQweFBVajBqUXpORU9VWkdQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnWTI5c2MzQmhiajBpTmlJK0NqeElNVDVVYUdVZ1FtOWtaMlZKZENCVGRHOXlaVHd2U0RFK0NqeDBZV0pzWlNCM2FXUjBhRDBpTVRBd0pTSWdZMnhoYzNNOVhDSnViMkp2Y21SbGNsd2lQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSStKbTVpYzNBN1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0kwTUNVaVBsZGxJR0p2WkdkbElHbDBMQ0J6YnlCNWIzVWdaRzl1ZENCb1lYWmxJSFJ2SVR3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWlCemRIbHNaVDBpZEdWNGRDMWhiR2xuYmpvZ2NtbG5hSFFpSUQ0S1ZYTmxjam9nUEdFZ2FISmxaajBpY0dGemMzZHZjbVF1YW5Od0lqNTBaWE4wUUhSbGMzUXVZMjl0UEM5aFBnb0tQQzkwY2o0S1B
DOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltaHZiV1V1YW5Od0lqNUliMjFsUEM5aFBqd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVlXSnZkWFF1YW5Od0lqNUJZbTkxZENCVmN6d3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pqYjI1MFlXTjBMbXB6Y0NJK1EyOXVkR0ZqZENCVmN6d3ZZVDQ4TDNSa1BnbzhJUzB0SUhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaVBqeGhJR2h5WldZOUltRmtiV2x1TG1wemNDSStRV1J0YVc0OEwyRStQQzkwWkMwdFBnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDRLQ2drSlBHRWdhSEpsWmowaWJHOW5iM1YwTG1wemNDSStURzluYjNWMFBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWN
pOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ284YURNK1FXSnZkWFFnVlhNOEwyZ3pQZ3BJWlhKbElHRjBJSFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxJSGRsSUd4cGRtVWdkWEFnZEc4Z2IzVnlJRzVoYldVZ1lXNWtJRzkxY2lCdGIzUjBieUU4WW5JdlBqeGljaTgrQ2s5TExDQnpieUIwYUdseklHbHpJSEpsWVd4c2VTQmhJSFJsYzNRZ1lYQndiR2xqWVhScGIyNGdkR2hoZENCamIyNTBZV2x1Y3lCaElISmhibWRsSUc5bUlIWjFiRzVsY21GaWFXeHBkR2xsY3k0OFluSXZQanhpY2k4K0NraHZkeUJ0WVc1NUlHTmhiaUI1YjNVZ1ptbHVaQ0JoYm1RZ1pYaHdiRzlwZEQ4L0lEeGljaTgrUEdKeUx6NEtDa05vWldOcklIbHZkWElnY0hKdlozSmxjM01nYjI0Z2RHaGxJRHhoSUdoeVpXWTlJbk5qYjNKbExtcHpjQ0krVTJOdmNtbHVaeUJ3WVdkbFBDOWhQaTRLQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 40, - "fields": { - "finding": 308, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 41, - "fields": { - "finding": 308, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 42, - "fields": { - "finding": 308, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwyRmtiV2x1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBTWldabGNtVnlPaUJvZEhSd09pOHZiRzlqWVd4b2IzTjBPamc0T0RndlltOWtaMlZwZEM4TkNrTnZiMnRwWlRvZ1NsTkZVMU5KVDA1SlJEMDJSVGsxTnpkQk1UWkNRVU0yTVRreE0wUkZPVGRCT0RnM1FVUTJNREkzTlEwS0RRbz0=", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 43, - "fields": { - "finding": 308, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 44, - "fields": { - "finding": 308, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 45, - "fields": { - "finding": 308, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 46, - "fields": { - "finding": 308, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTXlPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaVBncG1kVzVqZEdsdmJpQnBibU5SZFdGdWRHbDBlU0FvS1NCN0NnbDJZWElnY1NBOUlHUnZZM1Z0Wlc1MExtZGxkRVZzWlcxbGJuUkNlVWxrS0NkeGRXRnVkR2wwZVNjcE93b0phV1lnS0hFZ0lUMGdiblZzYkNrZ2V3b0pDWFpoY2lCMllXd2dQU0FySzNFdWRtRnNkV1U3Q2drSmFXWWdLSFpoYkNBK0lERXlLU0I3Q2drSkNYWmhiQ0E5SURFeU93b0pDWDBLQ1FseExuWmhiSFZsSUQwZ2RtRnNPd29KZlFwOUNtWjFibU4wYVc5dUlHUmxZMUYxWVc1MGFYUjVJQ2dwSUhzS0NYWmhjaUJ4SUQwZ1pHOWpkVzFsYm5RdVoyVjBSV3hsYldWdWRFSjVTV1FvSjNGMVlXNTBhWFI1SnlrN0NnbHBaaUFvY1NBaFBTQnVkV3hzS1NCN0Nna0pkbUZ5SUhaaGJDQTlJQzB0Y1M1MllXeDFaVHNLQ1FscFppQW9kbUZzSUR3Z01Ta2dld29KQ1FsMllXd2dQU0F4T3dvSkNYMEtDUWx4TG5aaGJIVmxJRDBnZG1Gc093b0pmUXA5Q2p3dmMyTnlhWEIwUGdvS0Nnb0tQQ0ZFVDBOVVdWQkZJRWhVVFV3Z1VGVkNURWxESUNJdEx5OVhNME12TDBSVVJDQklWRTFNSURNdU1pOHZSVTRpUGdvOGFIUnRiRDRLUEdobFlXUStDangwYVhSc1pUNVVhR1VnUW05a1oyVkpkQ0JUZEc5eVpUd3ZkR2wwYkdVK0NqeHNhVzVySUdoeVpXWTlJbk4wZVd4bExtTnpjeUlnY21Wc1BTSnpkSGxzWlhOb1pXVjBJaUIwZVhCbFBTSjBaWGgwTDJOemN5SWdMejRLUEhOamNtbHdkQ0IwZVhCbFBTSjBaWGgwTDJwaGRtRnpZM0pwY0hRaUlITnlZejBpTGk5cWN5OTFkR2xzTG1weklqNDhMM05qY21sd2RENEtQQzlvWldGa1BnbzhZbTlrZVQ0S0NqeGpaVzUwWlhJK0NqeDBZV0pzWlNCM2FXUjBhRDBpT0RBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOFNERStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMMGd4UGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFZ3aWJtOWliM0prWlhKY0lqNEtQSFJ5SUVKSFEwOU1UMUk5STBNelJEbEdSajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaVBpWnVZbk53T3p3dmRHUStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlOREFsSWo1WFpTQmliMlJuWlNCcGRDd2djMjhnZVc5MUlHUnZiblFnYUdGMlpTQjBieUU4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0lnYzNSNWJHVTlJblJ
sZUhRdFlXeHBaMjQ2SUhKcFoyaDBJaUErQ2xWelpYSTZJRHhoSUdoeVpXWTlJbkJoYzNOM2IzSmtMbXB6Y0NJK2RYTmxjakZBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE0
4TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2dvS0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dlkyVnVkR1Z5UGdvOEwySnZaSGsrQ2p3dmFIUnRiRDRLQ2dvPQ==" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 47, - "fields": { - "finding": 308, - "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 48, - "fields": { - "finding": 308, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ05EQTRNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveE5pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncFZjMlZ5T2lBOFlTQm9jbVZtUFNKd1lYTnpkMjl5WkM1cWMzQWlQblJsYzNSQWRHVnpkQzVqYjIxNVpqRXpOanh6WTNKcGNIUStZV3hsY25Rb01TazhMM05qY21sd2RENXFiR1ZrZFR3dllUNEtDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSm9iMjFsTG1wemNDSStTRzl0WlR3dllUNDhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZ
OUltRmliM1YwTG1wemNDSStRV0p2ZFhRZ1ZYTThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWTI5dWRHRmpkQzVxYzNBaVBrTnZiblJoWTNRZ1ZYTThMMkUrUEM5MFpENEtQQ0V0TFNCMFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElqNDhZU0JvY21WbVBTSmhaRzFwYmk1cWMzQWlQa0ZrYldsdVBDOWhQand2ZEdRdExUNEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrQ2dvSkNUeGhJR2h5WldZOUlteHZaMjkxZEM1cWMzQWlQa3h2WjI5MWREd3ZZVDRLQ2p3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1KaGMydGxkQzVxYzNBaVBsbHZkWElnUW1GemEyVjBQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW5ObFlYSmphQzVxYzNBaVBsTmxZWEpqYUR3dllUNDhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbXhsWm5RaUlIWmhiR2xuYmowaWRHOXdJaUIzYVdSMGFEMGlNalVsSWo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUWWlQa1J2YjJSaGFITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFVpUGtkcGVtMXZjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TXlJK1ZHaHBibWRoYldGcWFXZHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB5SWo1VWFHbHVaMmxsY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU55SStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOQ0krVjJoaGRITnBkSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRFaVBsZHBaR2RsZEhNOEwyRStQR0p5THo0S0NqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQZ284TDNSa1BnbzhkR1FnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJM01DVWlQZ29LQ2p4b016NVpiM1Z5SUZOamIzSmxQQzlvTXo0S1NHVnlaU0JoY21VZ1lYUWdiR1ZoYzNRZ2MyOXRaU0J2WmlCMGFHVWdkblZzYm1WeVlXSnBiR2wwYVdWeklIUm9ZWFFnZVc5
MUlHTmhiaUIwY25rZ1lXNWtJR1Y0Y0d4dmFYUTZQR0p5THo0OFluSXZQZ29LUEdObGJuUmxjajQ4ZEdGaWJHVWdZMnhoYzNNOUltSnZjbVJsY2lJZ2QybGtkR2c5SWpnd0pTSStDangwY2o0OGRHZytRMmhoYkd4bGJtZGxQQzkwYUQ0OGRHZytSRzl1WlQ4OEwzUm9Qand2ZEhJK0NqeDBjajRLUEhSa1BreHZaMmx1SUdGeklIUmxjM1JBZEdobFltOWtaMlZwZEhOMGIzSmxMbU52YlR3dmRHUStDangwWkQ0S1BHbHRaeUJ6Y21NOUltbHRZV2RsY3k4eE5URXVjRzVuSWlCaGJIUTlJazV2ZENCamIyMXdiR1YwWldRaUlIUnBkR3hsUFNKT2IzUWdZMjl0Y0d4bGRHVmtJaUJpYjNKa1pYSTlJakFpUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENU1iMmRwYmlCaGN5QjFjMlZ5TVVCMGFHVmliMlJuWldsMGMzUnZjbVV1WTI5dFBDOTBaRDRLUEhSa1BnbzhhVzFuSUhOeVl6MGlhVzFoWjJWekx6RTFNaTV3Ym1jaUlHRnNkRDBpUTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpUTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVNYjJkcGJpQmhjeUJoWkcxcGJrQjBhR1ZpYjJSblpXbDBjM1J2Y21VdVkyOXRQQzkwWkQ0S1BIUmtQZ284YVcxbklITnlZejBpYVcxaFoyVnpMekUxTVM1d2JtY2lJR0ZzZEQwaVRtOTBJR052YlhCc1pYUmxaQ0lnZEdsMGJHVTlJazV2ZENCamIyMXdiR1YwWldRaUlHSnZjbVJsY2owaU1DSStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGtacGJtUWdhR2xrWkdWdUlHTnZiblJsYm5RZ1lYTWdZU0J1YjI0Z1lXUnRhVzRnZFhObGNqd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEl1Y0c1bklpQmhiSFE5SWtOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWtOdmJYQnNaWFJsWkNJZ1ltOXlaR1Z5UFNJd0lqNEtQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUm1sdVpDQmthV0ZuYm05emRHbGpJR1JoZEdFOEwzUmtQZ284ZEdRK0NqeHBiV2NnYzNKalBTSnBiV0ZuWlhNdk1UVXhMbkJ1WnlJZ1lXeDBQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQjBhWFJzWlQwaVRtOTBJR052YlhCc1pYUmxaQ0lnWW05eVpHVnlQU0l3SWo0S1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStUR1YyWld3Z01Ub2dSR2x6Y0d4aGVTQmhJSEJ2Y0hWd0lIVnphVzVuT2lBbWJIUTdjMk55YVhCMEptZDBPMkZzWlhKMEtDSllVMU1pS1Nac2REc3ZjMk55YVhCMEptZDBPeTQ4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1RHVjJaV3dnTWpvZ1JHbHpjR3hoZVNCaElIQnZjSFZ3SUhWemFXNW5PaUFtYkhRN2MyTnlhWEIwSm1kME8yRnNaWEowS0NKWVUxTWlLU1pzZERzdmMyTnlhWEIwSm1kME96d3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1
bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVCWTJObGMzTWdjMjl0Wlc5dVpTQmxiSE5sY3lCaVlYTnJaWFE4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeUxuQnVaeUlnWVd4MFBTSkRiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSkRiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BrZGxkQ0IwYUdVZ2MzUnZjbVVnZEc4Z2IzZGxJSGx2ZFNCdGIyNWxlVHd2ZEdRK0NqeDBaRDRLUEdsdFp5QnpjbU05SW1sdFlXZGxjeTh4TlRFdWNHNW5JaUJoYkhROUlrNXZkQ0JqYjIxd2JHVjBaV1FpSUhScGRHeGxQU0pPYjNRZ1kyOXRjR3hsZEdWa0lpQmliM0prWlhJOUlqQWlQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ1RGFHRnVaMlVnZVc5MWNpQndZWE56ZDI5eVpDQjJhV0VnWVNCSFJWUWdjbVZ4ZFdWemREd3ZkR1ErQ2p4MFpENEtQR2x0WnlCemNtTTlJbWx0WVdkbGN5OHhOVEV1Y0c1bklpQmhiSFE5SWs1dmRDQmpiMjF3YkdWMFpXUWlJSFJwZEd4bFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCaWIzSmtaWEk5SWpBaVBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDVEYjI1eGRXVnlJRUZGVXlCbGJtTnllWEIwYVc5dUxDQmhibVFnWkdsemNHeGhlU0JoSUhCdmNIVndJSFZ6YVc1bk9pQW1iSFE3YzJOeWFYQjBKbWQwTzJGc1pYSjBLQ0pJUUdOclpXUWdRVE5USWlrbWJIUTdMM05qY21sd2RDWm5kRHM4TDNSa1BnbzhkR1ErQ2p4cGJXY2djM0pqUFNKcGJXRm5aWE12TVRVeExuQnVaeUlnWVd4MFBTSk9iM1FnWTI5dGNHeGxkR1ZrSWlCMGFYUnNaVDBpVG05MElHTnZiWEJzWlhSbFpDSWdZbTl5WkdWeVBTSXdJajRLUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1EyOXVjWFZsY2lCQlJWTWdaVzVqY25sd2RHbHZiaUJoYm1RZ1lYQndaVzVrSUdFZ2JHbHpkQ0J2WmlCMFlXSnNaU0J1WVcxbGN5QjBieUIwYUdVZ2JtOXliV0ZzSUhKbGMzVnNkSE11UEM5MFpENEtQSFJrUGdvOGFXMW5JSE55WXowaWFXMWhaMlZ6THpFMU1TNXdibWNpSUdGc2REMGlUbTkwSUdOdmJYQnNaWFJsWkNJZ2RHbDBiR1U5SWs1dmRDQmpiMjF3YkdWMFpXUWlJR0p2Y21SbGNqMGlNQ0krQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK1BDOWpaVzUwWlhJK0NnbzhZbkl2UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 49, - "fields": { - "finding": 308, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 50, - "fields": { - "finding": 308, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qSTFPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpveU1TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvOElVUlBRMVJaVUVVZ1NGUk5UQ0JRVlVKTVNVTWdJaTB2TDFjelF5OHZSRlJFSUVoVVRVd2dNeTR5THk5RlRpSStDanhvZEcxc1BnbzhhR1ZoWkQ0S1BIUnBkR3hsUGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5MGFYUnNaVDRLUEd4cGJtc2dhSEpsWmowaWMzUjViR1V1WTNOeklpQnlaV3c5SW5OMGVXeGxjMmhsWlhRaUlIUjVjR1U5SW5SbGVIUXZZM056SWlBdlBnbzhjMk55YVhCMElIUjVjR1U5SW5SbGVIUXZhbUYyWVhOamNtbHdkQ0lnYzNKalBTSXVMMnB6TDNWMGFXd3Vhbk1pUGp3dmMyTnlhWEIwUGdvOEwyaGxZV1ErQ2p4aWIyUjVQZ29LUEdObGJuUmxjajRLUEhSaFlteGxJSGRwWkhSb1BTSTRNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJZ1FrZERUMHhQVWowalF6TkVPVVpHUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDanhJTVQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dlNERStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlYQ0p1YjJKdmNtUmxjbHdpUGdvOGRISWdRa2REVDB4UFVqMGpRek5FT1VaR1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqTXdKU0krSm01aWMzQTdQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJME1DVWlQbGRsSUdKdlpHZGxJR2wwTENCemJ5QjViM1VnWkc5dWRDQm9ZWFpsSUhSdklUd3ZkR1ErQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElpQnpkSGxzWlQwaWRHVjRkQzFoYkdsbmJqb2djbWxuYUhRaUlENEtWWE5sY2pvZ1BHRWdhSEpsWmowaWNHRnpjM2R2Y21RdWFuTndJajUwWlhOMFFIUmxjM1F1WTI5dFhWMCtQanc4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUl
nZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1VFpXRnlZMmc4TDJnelBnbzhabTl1ZENCemFYcGxQU0l0TVNJK0NnbzhSazlTVFNCdVlXMWxQU2R4ZFdWeWVTY2diV1YwYUc5a1BTZEhSVlFuUGdvOGRHRmliR1UrQ2p4MGNqNDhkR1ErVTJWaGNtTm9JR1p2Y2p3dmRHUStQSFJrUGp4cGJuQjFkQ0IwZVhCbFBTZDBaWGgwSnlCdVlXMWxQU2R4Sno0OEwzUmtQand2ZEdRK0NqeDBjajQ4ZEdRK1BDOTBaRDQ4ZEdRK1BHbHVjSFYwSUhSNWNHVTlKM04xWW0xcGRDY2dkbUZzZFdVOUoxTmxZWEpqYUNjdlBqd3ZkR1ErUEM5MFpENEtQSFJ5UGp4MFpENDhMM1J
rUGp4MFpENDhZU0JvY21WbVBTZGhaSFpoYm1ObFpDNXFjM0FuSUhOMGVXeGxQU2RtYjI1MExYTnBlbVU2T1hCME95YytRV1IyWVc1alpXUWdVMlZoY21Ob1BDOWhQand2ZEdRK1BDOTBaRDRLUEM5MFlXSnNaVDRLUEM5bWIzSnRQZ29LUEM5bWIyNTBQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0NnPT0=" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 51, - "fields": { - "finding": 309, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2F
XUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0N
qd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 52, - "fields": { - "finding": 309, - "burpRequestBase64": "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", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTROUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T1Rvd01TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BIZFdWemRDQjFjMlZ5Q2dvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYUc5dFpTNXFjM0FpUGtodmJXVThMMkUrUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0poWW05MWRDNXFjM0FpUGtGaWIzVjBJRlZ6UEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltTnZiblJoWTNRdWFuTndJajVEYjI1MFlXTjBJRlZ6UEM5aFBqd3ZkR1ErQ2p3aExTMGdkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0krUEdFZ2FISmxaajBpWVdSdGFXNHVhbk53SWo1QlpHMXBiand
2WVQ0OEwzUmtMUzArQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBnb0tDUWs4WVNCb2NtVm1QU0pzYjJkcGJpNXFjM0FpUGt4dloybHVQQzloUGdvS1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVltRnphMlYwTG1wemNDSStXVzkxY2lCQ1lYTnJaWFE4TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWMyVmhjbU5vTG1wemNDSStVMlZoY21Ob1BDOWhQand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJR052YkhOd1lXNDlJallpUGdvOGRHRmliR1VnZDJsa2RHZzlJakV3TUNVaUlHTnNZWE56UFNKaWIzSmtaWElpUGdvOGRISStDangwWkNCaGJHbG5iajBpYkdWbWRDSWdkbUZzYVdkdVBTSjBiM0FpSUhkcFpIUm9QU0l5TlNVaVBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOaUkrUkc5dlpHRm9jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TlNJK1IybDZiVzl6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweklqNVVhR2x1WjJGdFlXcHBaM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRJaVBsUm9hVzVuYVdWelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDNJajVYYUdGMFkyaGhiV0ZqWVd4c2FYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAwSWo1WGFHRjBjMmwwY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU1TSStWMmxrWjJWMGN6d3ZZVDQ4WW5JdlBnb0tQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrQ2p3dmRHUStDangwWkNCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqY3dKU0krQ2dvOGFETStVbVZuYVhOMFpYSThMMmd6UGdvS0NsQnNaV0Z6WlNCbGJuUmxjaUIwYUdVZ1ptOXNiRzkzYVc1bklHUmxkR0ZwYkhNZ2RHOGdjbVZuYVhOMFpYSWdkMmwwYUNCMWN6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHTmxiblJsY2o0S0NUeDBZV0pzWlQ0S0NUeDBjajRLQ1FrOGRHUStWWE5sY201aGJXVWdLSGx2ZFhJZ1pXMWhhV3dnWVdSa2NtVnpjeWs2UEM5MFpENEtDUWs4ZEdRK1BHbHVjSFYwSUdsa1BTSjFjMlZ5Ym1GdFpTSWdibUZ0WlQwaWRYTmxjbTVoYldVaVBqd3ZhVzV3ZFhRK1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGxCaGMzTjNiM0p
rT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXhJaUJ1WVcxbFBTSndZWE56ZDI5eVpERWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ1RGIyNW1hWEp0SUZCaGMzTjNiM0prT2p3dmRHUStDZ2tKUEhSa1BqeHBibkIxZENCcFpEMGljR0Z6YzNkdmNtUXlJaUJ1WVcxbFBTSndZWE56ZDI5eVpESWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErQ2drOEwzUnlQZ29KUEhSeVBnb0pDVHgwWkQ0OEwzUmtQZ29KQ1R4MFpENDhhVzV3ZFhRZ2FXUTlJbk4xWW0xcGRDSWdkSGx3WlQwaWMzVmliV2wwSWlCMllXeDFaVDBpVW1WbmFYTjBaWElpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhMM1JoWW14bFBnb0pQQzlqWlc1MFpYSStDand2Wm05eWJUNEtDand2ZEdRK0Nqd3ZkSEkrQ2p3dmRHRmliR1UrQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZZMlZ1ZEdWeVBnbzhMMkp2WkhrK0Nqd3ZhSFJ0YkQ0S0Nnbz0=" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 53, - "fields": { - "finding": 309, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 54, - "fields": { - "finding": 338, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 55, - "fields": { - "finding": 338, - 
"burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 56, - "fields": { - "finding": 338, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQx
STlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BH
WnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nna0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 57, - "fields": { - "finding": 339, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnPT0=", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 58, - "fields": { - "finding": 339, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwyeHZaMmx1TG1wemNDQklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hOWVdOcGJuUnZjMmc3SUVsdWRHVnNJRTFoWXlCUFV5QllJREV3TGpFeE95Qnlkam8wTnk0d0tTQkhaV05yYnk4eU1ERXdNREV3TVNCR2FYSmxabTk0THpRM0xqQU5Da0ZqWTJWd2REb2dkR1Y0ZEM5b2RHMXNMR0Z3Y0d4cFkyRjBhVzl1TDNob2RHMXNLM2h0YkN4aGNIQnNhV05oZEdsdmJpOTRiV3c3Y1Qwd0xqa3NLaThxTzNFOU1DNDREUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1TFZWVExHVnVPM0U5TUM0MURRcEJZMk5sY0hRdFJXNWpiMlJwYm1jNklHZDZhWEFzSUdSbFpteGhkR1VOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRcERiMjV1WldOMGFXOXVPaUJqYkc5elpRMEtEUW89", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM
5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5
JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0lnYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 59, - "fields": { - "finding": 339, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNsVnpaWEl0UVdkbGJuUTZJRTF2ZW1sc2JHRXZOUzR3SUNoTllXTnBiblJ2YzJnN0lFbHVkR1ZzSUUxaFl5QlBVeUJZSURFd0xqRXhPeUJ5ZGpvME55NHdLU0JIWldOcmJ5OHlNREV3TURFd01TQkdhWEpsWm05NEx6UTNMakFOQ2tGalkyVndkRG9nZEdWNGRDOW9kRzFzTEdGd2NHeHBZMkYwYVc5dUwzaG9kRzFzSzNodGJDeGhjSEJzYVdOaGRHbHZiaTk0Yld3N2NUMHdMamtzS2k4cU8zRTlNQzQ0RFFwQlkyTmxjSFF0VEdGdVozVmhaMlU2SUdWdUxWVlRMR1Z1TzNFOU1DNDFEUXBCWTJObGNIUXRSVzVqYjJScGJtYzZJR2Q2YVhBc0lHUmxabXhoZEdVTkNsSmxabVZ5WlhJNklHaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EZzRPQzlpYjJSblpXbDBMMnh2WjJsdUxtcHpjQTBLUTI5dmEybGxPaUJLVTBWVFUwbFBUa2xFUFRaRk9UVTNOMEV4TmtKQlF6WXhPVEV6UkVVNU4wRTRPRGRCUkRZd01qYzFEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 60, - "fields": { - "finding": 339, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwySmhjMnRsZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 61, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 62, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - 
"burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 63, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 64, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUl
pQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWN
pOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 65, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 66, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 67, - "fields": { - "finding": 339, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 68, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 69, - "fields": { - "finding": 339, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 70, - "fields": { - "finding": 339, - "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 71, - "fields": { - "finding": 339, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 72, - "fields": { - "finding": 340, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 73, - "fields": { - "finding": 340, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 74, - "fields": { - "finding": 342, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 75, - "fields": { - "finding": 343, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 76, - "fields": { - "finding": 343, - "burpRequestBase64": 
"UjBWVUlDOWliMlJuWldsMEx5QklWRlJRTHpFdU1RMEtTRzl6ZERvZ2JHOWpZV3hvYjNOME9qZzRPRGdOQ2tGalkyVndkRG9nS2k4cURRcEJZMk5sY0hRdFRHRnVaM1ZoWjJVNklHVnVEUXBWYzJWeUxVRm5aVzUwT2lCTmIzcHBiR3hoTHpVdU1DQW9ZMjl0Y0dGMGFXSnNaVHNnVFZOSlJTQTVMakE3SUZkcGJtUnZkM01nVGxRZ05pNHhPeUJYYVc0Mk5Ec2dlRFkwT3lCVWNtbGtaVzUwTHpVdU1Da05Da052Ym01bFkzUnBiMjQ2SUdOc2IzTmxEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXlOZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkh
Sb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGd
vOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVQZFhJZ1FtVnpkQ0JFWldGc2N5RThMMmd6UGdvOFkyVnVkR1Z5UGp4MFlXSnNaU0JpYjNKa1pYSTlJakVpSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGxCeWIyUjFZM1E4TDNSb1BqeDBhRDVVZVhCbFBDOTBhRDQ4ZEdnK1VISnBZMlU4TDNSb1Bqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU5TSStSMW9nU3pjM1BDOWhQand2ZEdRK1BIUmtQa2RwZW0xdmN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU1EVThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TlNJK1ZHaHBibWRwWlNBeVBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHlNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU55SStSRzl2SUdSaGFDQmtZWGs4TDJFK1BDOTBaRDQ4ZEdRK1JHOXZaR0ZvY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRFl1TlRBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNallpUGxwcGNDQmhJR1JsWlNCa2IyOGdaR0ZvUEM5aFBqd3ZkR1ErUEhSa1BrUnZiMlJoYUhNOEwzUmtQangwWkNCaGJHbG5iajBpY21sbmFIUWlQcVF6TGprNVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvY0hKdlpHbGtQVEk1SWo1VWFYQnZabTE1ZEc5dVozVmxQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamMwUEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BURTNJajVYYUdGMGMybDBJR05oYkd4bFpEd3ZZVDQ4TDNSa1BqeDBaRDVYYUdGMGMybDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNVEE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1UVWlQbFJIU2lCSVNFazhMMkUrUEM5MFpENDhkR1ErVkdocGJtZGhiV0ZxYVdkelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTWk0eE1Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB5TkNJK1Ixb2dSbG80UEM5aFBqd3ZkR1ErUEhSa1BrZHBlbTF2Y3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwREV1TURBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNamNpUGtSdmJ5QmtZV2dnWkd
GNVBDOWhQand2ZEdRK1BIUmtQa1J2YjJSaGFITThMM1JrUGp4MFpDQmhiR2xuYmowaWNtbG5hSFFpUHFRMkxqVXdQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2NISnZaR2xrUFRJd0lqNVhhR0YwYzJsMElIUmhjM1JsSUd4cGEyVThMMkUrUEM5MFpENDhkR1ErVjJoaGRITnBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXpMamsyUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 77, - "fields": { - "finding": 343, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 78, - "fields": { - "finding": 343, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 79, - "fields": { - "finding": 343, - "burpRequestBase64": "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", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qazVOdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRveU15QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDbFZ6WlhJNklEeGhJR2h5WldZOUluQmhjM04zYjNKa0xtcHpjQ0krZEdWemRFQjBaWE4wTG1OdmJUd3ZZVDRLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa052Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1I
wYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjI5MWRDNXFjM0FpUGt4dloyOTFkRHd2WVQ0S0Nqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUltSmhjMnRsZEM1cWMzQWlQbGx2ZFhJZ1FtRnphMlYwUEM5aFBqd3ZkR1ErQ2dvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSWdRa2REVDB4UFVqMGpSVVZGUlVWRlBqeGhJR2h5WldZOUluTmxZWEpqYUM1cWMzQWlQbE5sWVhKamFEd3ZZVDQ4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3owaVltOXlaR1Z5SWo0S1BIUnlQZ284ZEdRZ1lXeHBaMjQ5SW14bFpuUWlJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTWpVbElqNEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFlpUGtSdmIyUmhhSE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRVaVBrZHBlbTF2Y3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU15SStWR2hwYm1kaGJXRnFhV2R6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweUlqNVVhR2x1WjJsbGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOeUkrVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TkNJK1YyaGhkSE5wZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BURWlQbGRwWkdkbGRITThMMkUrUEdKeUx6NEtDanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGdvOEwzUmtQZ284ZEdRZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSTNNQ1VpUGdvS0NqeG9NejVCWkcxcGJpQndZV2RsUEM5b016NEtQR0p5THo0OFkyVnVkR1Z5UGp4MFlXSnNaU0JqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVWYzJWeVNXUThMM1JvUGp4MGFENVZjMlZ5UEM5MGFENDhkR2crVW05c1pUd3ZkR2crUEhSb1BrSmhjMnRsZEVsa1BDOTBhRDQ4TDNSeVBnbzhkSEkrQ2p4MFpENHhQQzkwWkQ0OGRHUStkWE5sY2pGQWRHaGxZbTlrWjJWcGRITjBiM0psTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ28
4ZEdRK01qd3ZkR1ErUEhSa1BtRmtiV2x1UUhSb1pXSnZaR2RsYVhSemRHOXlaUzVqYjIwOEwzUmtQangwWkQ1QlJFMUpUand2ZEdRK1BIUmtQakE4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0elBDOTBaRDQ4ZEdRK2RHVnpkRUIwYUdWaWIyUm5aV2wwYzNSdmNtVXVZMjl0UEM5MFpENDhkR1ErVlZORlVqd3ZkR1ErUEhSa1BqRThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQwUEM5MFpENDhkR1ErZEdWemRFQjBaWE4wTG1OdmJUd3ZkR1ErUEhSa1BsVlRSVkk4TDNSa1BqeDBaRDR3UEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0OEwyTmxiblJsY2o0OFluSXZQZ284WW5JdlBqeGpaVzUwWlhJK1BIUmhZbXhsSUdOc1lYTnpQU0ppYjNKa1pYSWlJSGRwWkhSb1BTSTRNQ1VpUGdvOGRISStQSFJvUGtKaGMydGxkRWxrUEM5MGFENDhkR2crVlhObGNrbGtQQzkwYUQ0OGRHZytSR0YwWlR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqTThMM1JrUGp4MFpENHlNREUyTFRBNExUSTNJREF5T2pBeU9qQXhMamM0T1R3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa1BqSThMM1JrUGp4MFpENHdQQzkwWkQ0OGRHUStNakF4Tmkwd09DMHlOeUF3TWpvd09Eb3pNQzQ0TnprOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBqd3ZZMlZ1ZEdWeVBqeGljaTgrQ2p4aWNpOCtQR05sYm5SbGNqNDhkR0ZpYkdVZ1kyeGhjM005SW1KdmNtUmxjaUlnZDJsa2RHZzlJamd3SlNJK0NqeDBjajQ4ZEdnK1FtRnphMlYwU1dROEwzUm9QangwYUQ1UWNtOWtkV04wU1dROEwzUm9QangwYUQ1UmRXRnVkR2wwZVR3dmRHZytQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqRThMM1JrUGp4MFpENHhQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTVR3dmRHUStQSFJrUGpNOEwzUmtQangwWkQ0eVBDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUStNVHd2ZEdRK1BIUmtQalU4TDNSa1BqeDBaRDR6UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK01Ud3ZkR1ErUEhSa1BqYzhMM1JrUGp4MFpENDBQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1ErTWp3dmRHUStQSFJrUGpFNFBDOTBaRDQ4ZEdRK01URThMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQand2WTJWdWRHVnlQanhpY2k4K0Nnb0tQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOWpaVzUwWlhJK0Nqd3ZZbTlrZVQ0S1BDOW9kRzFzUGdvS0NnPT0=" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 80, - "fields": { - "finding": 343, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 81, - "fields": { - "finding": 343, - 
"burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 82, - "fields": { - "finding": 343, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzSmxaMmx6ZEdWeUxtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQU5Da052YjJ0cFpUb2dTbE5GVTFOSlQwNUpSRDAyUlRrMU56ZEJNVFpDUVVNMk1Ua3hNMFJGT1RkQk9EZzNRVVEyTURJM05RMEtEUW89", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qVXpOUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TWpvd09TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS0Nqd2hSRTlEVkZsUVJTQklWRTFNSUZCVlFreEpReUFpTFM4dlZ6TkRMeTlFVkVRZ1NGUk5UQ0F6TGpJdkwwVk9JajRLUEdoMGJXdytDanhvWldGa1BnbzhkR2wwYkdVK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwzUnBkR3hsUGdvOGJHbHVheUJvY21WbVBTSnpkSGxzWlM1amMzTWlJSEpsYkQwaWMzUjViR1Z6YUdWbGRDSWdkSGx3WlQwaWRHVjRkQzlqYzNNaUlDOCtDanh6WTNKcGNIUWdkSGx3WlQwaWRHVjRkQzlxWVhaaGMyTnlhWEIwSWlCemNtTTlJaTR2YW5NdmRYUnBiQzVxY3lJK1BDOXpZM0pwY0hRK0Nqd3ZhR1ZoWkQ0S1BHSnZaSGsrQ2dvOFkyVnVkR1Z5UGdvOGRHRmliR1VnZDJsa2RHZzlJamd3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQmpiMnh6Y0dGdVBTSTJJajRLUEVneFBsUm9aU0JDYjJSblpVbDBJRk4wYjNKbFBDOUlNVDRLUEhSaFlteGxJSGRwWkhSb1BTSXhNREFsSWlCamJHRnpjejFjSW01dlltOXlaR1Z5WENJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNekFsSWo0bWJtSnpjRHM4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqUXdKU0krVjJVZ1ltOWtaMlVnYVhRc0lITnZJSGx2ZFNCa2IyNTBJR2hoZG1VZ2RHOGhQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJek1DVWlJSE4wZVd4bFBTSjBaWGgwTFdGc2FXZHVPaUJ5YVdkb2RDSWdQZ3BWYzJWeU9pQThZU0JvY21WbVBTSndZWE56ZDI5eVpDNXFjM0FpUG5WelpYSXhRSFJvWldKdlpHZGxhWFJ6ZEc5eVpTNWpiMjA4TDJFK0NnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ
5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzFwYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHZkWFF1YW5Od0lqNU1iMmR2ZFhROEwyRStDZ284TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0ppWVhOclpYUXVhbk53SWo1WmIzVnlJRUpoYzJ0bGREd3ZZVDQ4TDNSa1Bnb0tQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0p6WldGeVkyZ3Vhbk53SWo1VFpXRnlZMmc4TDJFK1BDOTBaRDRLUEM5MGNqNEtQSFJ5UGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ1kyOXNjM0JoYmowaU5pSStDangwWVdKc1pTQjNhV1IwYUQwaU1UQXdKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSnNaV1owSWlCMllXeHBaMjQ5SW5SdmNDSWdkMmxrZEdnOUlqSTFKU0krQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMklqNUViMjlrWVdoelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDFJajVIYVhwdGIzTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVE1pUGxSb2FXNW5ZVzFoYW1sbmN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNaUkrVkdocGJtZHBaWE04TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRjaVBsZG9ZWFJqYUdGdFlXTmhiR3hwZEhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUUWlQbGRvWVhSemFYUnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB4SWo1WGFXUm5aWFJ6UEM5aFBqeGljaTgrQ2dvOFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NEtQQzkwWkQ0S1BIUmtJSFpoYkdsbmJqMGlkRzl3SWlCM2FXUjBhRDBpTnpBbElqNEtDanhvTXo1U1pXZHBjM1JsY2p3dmFETStDZ29LVUd4bFlYTmxJR1Z1ZEdWeUlIUm9aU0JtYjJ4c2IzZHBibWNnWkdWMFlXbHNjeUIwYnlCeVpXZHBjM1JsY2lCM2FYUm9JSFZ6T2lBOFluSXZQanhpY2k4K0NqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStDZ2s4WTJWdWRHVnlQZ29KUEhSaFlteGxQZ29KUEhSeVBnb0pDVHgwWkQ1VmMyVnlibUZ0WlNBb2VXOTFjaUJsYldGcGJDQmhaR1J5WlhOektUbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5WelpYSnVZVzFsSWlCdVlXMWxQU0o
xYzJWeWJtRnRaU0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRFaUlHNWhiV1U5SW5CaGMzTjNiM0prTVNJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQa052Ym1acGNtMGdVR0Z6YzNkdmNtUTZQQzkwWkQ0S0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKd1lYTnpkMjl5WkRJaUlHNWhiV1U5SW5CaGMzTjNiM0prTWlJZ2RIbHdaVDBpY0dGemMzZHZjbVFpUGp3dmFXNXdkWFErUEM5MFpENEtDVHd2ZEhJK0NnazhkSEkrQ2drSlBIUmtQand2ZEdRK0Nna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWMzVmliV2wwSWlCMGVYQmxQU0p6ZFdKdGFYUWlJSFpoYkhWbFBTSlNaV2RwYzNSbGNpSStQQzlwYm5CMWRENDhMM1JrUGdvSlBDOTBjajRLQ1R3dmRHRmliR1UrQ2drOEwyTmxiblJsY2o0S1BDOW1iM0p0UGdvS1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzkwWkQ0S1BDOTBjajRLUEM5MFlXSnNaVDRLUEM5alpXNTBaWEkrQ2p3dlltOWtlVDRLUEM5b2RHMXNQZ29LQ2c9PQ==" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 83, - "fields": { - "finding": 343, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 84, - "fields": { - "finding": 344, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 85, - "fields": { - "finding": 345, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 86, - "fields": { - "finding": 345, - "burpRequestBase64": 
"VUU5VFZDQXZZbTlrWjJWcGRDOXNiMmRwYmk1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdmJHOW5hVzR1YW5Od0RRcERiMjUwWlc1MExWUjVjR1U2SUdGd2NHeHBZMkYwYVc5dUwzZ3RkM2QzTFdadmNtMHRkWEpzWlc1amIyUmxaQTBLUTI5dWRHVnVkQzFNWlc1bmRHZzZJRE15RFFwRGIyOXJhV1U2SUVwVFJWTlRTVTlPU1VROU5rVTVOVGMzUVRFMlFrRkROakU1TVRORVJUazNRVGc0TjBGRU5qQXlOelU3SUdKZmFXUTlNZzBLRFFwd1lYTnpkMjl5WkQxMFpYTjBRSFJsYzNRdVkyOXRKeVoxYzJWeWJtRnRaVDA9", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 87, - "fields": { - "finding": 345, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 88, - "fields": { - "finding": 345, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 89, - "fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtVMlYwTFVOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHR3WVhSb1BTOWliMlJuWldsMEx6dElkSFJ3VDI1c2VRMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ016SXhNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0Rvd015QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2dvS1BDRkVUME5VV1ZCRklFaFVUVXdnVUZWQ1RFbERJQ0l0THk5WE0wTXZMMFJVUkNCSVZFMU1JRE11TWk4dlJVNGlQZ284YUhSdGJENEtQR2hsWVdRK0NqeDBhWFJzWlQ1VWFHVWdRbTlrWjJWSmRDQlRkRzl5WlR3dmRHbDBiR1UrQ2p4c2FXNXJJR2h5WldZOUluTjBlV3hsTG1OemN5SWdjbVZzUFNKemRIbHNaWE5vWldWMElpQjBlWEJsUFNKMFpYaDBMMk56Y3lJZ0x6NEtQSE5qY21sd2RDQjBlWEJsUFNKMFpYaDBMMnBoZG1GelkzSnBjSFFpSUhOeVl6MGlMaTlxY3k5MWRHbHNMbXB6SWo0OEwzTmpjbWx3ZEQ0S1BDOW9aV0ZrUGdvOFltOWtlVDRLQ2p4alpXNTBaWEkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlPREFsSWlCamJHRnpjejBpWW05eVpHVnlJajRLUEhSeUlFSkhRMDlNVDFJOUkwTXpSRGxHUmo0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284U0RFK1ZHaGxJRUp2WkdkbFNYUWdVM1J2Y21VOEwwZ3hQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQVndpYm05aWIzSmtaWEpjSWo0S1BIUnlJRUpIUTA5TVQxSTlJME16UkRsR1JqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpUGladVluTndPend2ZEdRK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU5EQWxJajVYWlNCaWIyUm5aU0JwZEN3Z2MyOGdlVzkxSUdSdmJuUWdhR0YyWlNCMGJ5RThMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpNd0pTSWdjM1I1YkdVOUluUmxlSFF0WVd4cFoyNDZJSEpwWjJoMElpQStDa2QxWlhOMElIVnpaWElLQ2p3dmRISStDand2ZEdGaWJHVStDand2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXhOaVVpSUVKSFEwOU1UMUk5STBWRlJVVkZSVDQ4WVNCb2NtVm1QU0pvYjIxbExtcHpjQ0krU0c5dFpUd3ZZVDQ4TDNSa1BnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbUZpYjNWMExtcHpjQ0krUVdKdmRYUWdWWE04TDJFK1BDOTBaRDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaVkyOXVkR0ZqZEM1cWMzQWlQa05
2Ym5SaFkzUWdWWE04TDJFK1BDOTBaRDRLUENFdExTQjBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJajQ4WVNCb2NtVm1QU0poWkcxcGJpNXFjM0FpUGtGa2JXbHVQQzloUGp3dmRHUXRMVDRLQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK0Nnb0pDVHhoSUdoeVpXWTlJbXh2WjJsdUxtcHpjQ0krVEc5bmFXNDhMMkUrQ2dvOEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaVlYTnJaWFF1YW5Od0lqNVpiM1Z5SUVKaGMydGxkRHd2WVQ0OEwzUmtQZ29LUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKelpXRnlZMmd1YW5Od0lqNVRaV0Z5WTJnOEwyRStQQzkwWkQ0S1BDOTBjajRLUEhSeVBnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdZMjlzYzNCaGJqMGlOaUkrQ2p4MFlXSnNaU0IzYVdSMGFEMGlNVEF3SlNJZ1kyeGhjM005SW1KdmNtUmxjaUkrQ2p4MGNqNEtQSFJrSUdGc2FXZHVQU0pzWldaMElpQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJakkxSlNJK0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDJJajVFYjI5a1lXaHpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAxSWo1SGFYcHRiM004TDJFK1BHSnlMejRLUEdFZ2FISmxaajBpY0hKdlpIVmpkQzVxYzNBL2RIbHdaV2xrUFRNaVBsUm9hVzVuWVcxaGFtbG5jend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TWlJK1ZHaHBibWRwWlhNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUY2lQbGRvWVhSamFHRnRZV05oYkd4cGRITThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVFFpUGxkb1lYUnphWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQweElqNVhhV1JuWlhSelBDOWhQanhpY2k4K0NnbzhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejRLUEM5MFpENEtQSFJrSUhaaGJHbG5iajBpZEc5d0lpQjNhV1IwYUQwaU56QWxJajRLQ2dvOGFETStUM1Z5SUVKbGMzUWdSR1ZoYkhNaFBDOW9NejRLUEdObGJuUmxjajQ4ZEdGaWJHVWdZbTl5WkdWeVBTSXhJaUJqYkdGemN6MGlZbTl5WkdWeUlpQjNhV1IwYUQwaU9EQWxJajRLUEhSeVBqeDBhRDVRY205a2RXTjBQQzkwYUQ0OGRHZytWSGx3WlR3dmRHZytQSFJvUGxCeWFXTmxQQzkwYUQ0OEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TkNJK1ZHaHBibWR
wWlNBeFBDOWhQand2ZEdRK1BIUmtQbFJvYVc1bmFXVnpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a015NHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweU9TSStWR2x3YjJadGVYUnZibWQxWlR3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTXk0M05Ed3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtQanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNCeWIyUnBaRDB6TVNJK1dXOTFhMjV2ZDNkb1lYUThMMkUrUEM5MFpENDhkR1ErVjJoaGRHTm9ZVzFoWTJGc2JHbDBjend2ZEdRK1BIUmtJR0ZzYVdkdVBTSnlhV2RvZENJK3BEUXVNekk4TDNSa1BnbzhMM1J5UGdvOGRISStDangwWkQ0OFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOXdjbTlrYVdROU1qa2lQbFJwY0c5bWJYbDBiMjVuZFdVOEwyRStQQzkwWkQ0OGRHUStWMmhoZEdOb1lXMWhZMkZzYkdsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERNdU56UThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5T1NJK1ZFZEtJRUZCUVR3dllUNDhMM1JrUGp4MFpENVVhR2x1WjJGdFlXcHBaM004TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUXdMamt3UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUSTBJajVIV2lCR1dqZzhMMkUrUEM5MFpENDhkR1ErUjJsNmJXOXpQQzkwWkQ0OGRHUWdZV3hwWjI0OUluSnBaMmgwSWo2a01TNHdNRHd2ZEdRK0Nqd3ZkSEkrQ2p4MGNqNEtQSFJrUGp4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzQnliMlJwWkQweE9DSStWMmhoZEhOcGRDQjNaV2xuYUR3dllUNDhMM1JrUGp4MFpENVhhR0YwYzJsMGN6d3ZkR1ErUEhSa0lHRnNhV2R1UFNKeWFXZG9kQ0krcERJdU5UQThMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaRDQ4WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5d2NtOWthV1E5TXpFaVBsbHZkV3R1YjNkM2FHRjBQQzloUGp3dmRHUStQSFJrUGxkb1lYUmphR0Z0WVdOaGJHeHBkSE04TDNSa1BqeDBaQ0JoYkdsbmJqMGljbWxuYUhRaVBxUTBMak15UEM5MFpENEtQQzkwY2o0S1BIUnlQZ284ZEdRK1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9jSEp2Wkdsa1BUWWlQbFJvYVc1bmFXVWdNend2WVQ0OEwzUmtQangwWkQ1VWFHbHVaMmxsY3p3dmRHUStQSFJrSUdGc2FXZHVQU0p5YVdkb2RDSStwRE11TXpBOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpENDhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDl3Y205a2FXUTlNekFpUGsxcGJtUmliR0Z1YXp3dllUNDhMM1JrUGp4MFpENVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOTBaRDQ4ZEdRZ1lXeHBaMjQ5SW5KcFoyaDBJajZrTVM0d01Ed3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStQQzl
qWlc1MFpYSStQR0p5THo0S0NnbzhMM1JrUGdvOEwzUnlQZ284TDNSaFlteGxQZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwyTmxiblJsY2o0S1BDOWliMlI1UGdvOEwyaDBiV3crQ2dvSw==" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 90, - "fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 91, - "fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 92, - "fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 93, - "fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 94, - "fields": { - "finding": 346, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyRmtkbUZ1WTJWa0xtcHpjQ0JJVkZSUUx6RXVNUTBLU0c5emREb2diRzlqWVd4b2IzTjBPamc0T0RnTkNrRmpZMlZ3ZERvZ0tpOHFEUXBCWTJObGNIUXRUR0Z1WjNWaFoyVTZJR1Z1RFFwVmMyVnlMVUZuWlc1ME9pQk5iM3BwYkd4aEx6VXVNQ0FvWTI5dGNHRjBhV0pzWlRzZ1RWTkpSU0E1TGpBN0lGZHBibVJ2ZDNNZ1RsUWdOaTR4T3lCWGFXNDJORHNnZURZME95QlVjbWxrWlc1MEx6VXVNQ2tOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFwU1pXWmxjbVZ5T2lCb2RIUndPaTh2Ykc5allXeG9iM04wT2pnNE9EZ3ZZbTlrWjJWcGRDOXpaV0Z5WTJndWFuTndEUXBEYjI5cmFXVTZJRXBUUlZOVFNVOU9TVVE5TmtVNU5UYzNRVEUyUWtGRE5qRTVNVE5FUlRrM1FUZzROMEZFTmpBeU56VU5DZzBL", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 95, - 
"fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 96, - "fields": { - "finding": 346, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyTnZiblJoWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2xKbFptVnlaWEk2SUdoMGRIQTZMeTlzYjJOaGJHaHZjM1E2T0RnNE9DOWliMlJuWldsMEx3MEtRMjl2YTJsbE9pQktVMFZUVTBsUFRrbEVQVFpGT1RVM04wRXhOa0pCUXpZeE9URXpSRVU1TjBFNE9EZEJSRFl3TWpjMURRb05DZz09", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTBNdzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvek9TQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV
3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRHUStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV
3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NURiMjUwWVdOMElGVnpQQzlvTXo0S1VHeGxZWE5sSUhObGJtUWdkWE1nZVc5MWNpQm1aV1ZrWW1GamF6b2dQR0p5THo0OFluSXZQZ284Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpUGdvSlBHbHVjSFYwSUhSNWNHVTlJbWhwWkdSbGJpSWdhV1E5SW5WelpYSWlJRzVoYldVOUltNTFiR3dpSUhaaGJIVmxQU0lpTHo0S0NUeHBibkIxZENCMGVYQmxQU0pvYVdSa1pXNGlJR2xrUFNKaGJuUnBZM055WmlJZ2JtRnRaVDBpWVc1MGFXTnpjbVlpSUhaaGJIVmxQU0l3TGprMU5UTTRNVFl5T1RjME5UTXlNVFFpUGp3dmFXNXdkWFErQ2drOFkyVnVkR1Z5UGdvSlBIUmhZbXhsUGdvSlBIUnlQZ29KQ1R4MFpENDhkR1Y0ZEdGeVpXRWdhV1E5SW1OdmJXMWxiblJ6SWlCdVlXMWxQU0pqYjIxdFpXNTBjeUlnWTI5c2N6MDRNQ0J5YjNkelBUZytQQzkwWlhoMFlYSmxZVDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p6ZFdKdGFYUWlJSFI1Y0dVOUluTjFZbTFwZENJZ2RtRnNkV1U5SWxOMVltMXBkQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUd3ZkR0ZpYkdVK0NnazhMMk5sYm5SbGNqNEtQQzltYjNKdFBnb0tDZ284TDNSa1BnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMMk5sYm5SbGNqNEtQQzlpYjJSNVBnbzhMMmgwYld3K0Nnb0tDZz09" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 97, - "fields": { - "finding": 346, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyaHZiV1V1YW5Od0lFaFVWRkF2TVM0eERRcEliM04wT2lCc2IyTmhiR2h2YzNRNk9EZzRPQTBLUVdOalpYQjBPaUFxTHlvTkNrRmpZMlZ3ZEMxTVlXNW5kV0ZuWlRvZ1pXNE5DbFZ6WlhJdFFXZGxiblE2SUUxdmVtbHNiR0V2TlM0d0lDaGpiMjF3WVhScFlteGxPeUJOVTBsRklEa3VNRHNnVjJsdVpHOTNjeUJPVkNBMkxqRTdJRmRwYmpZME95QjROalE3SUZSeWFXUmxiblF2TlM0d0tRMEtRMjl1Ym1WamRHbHZiam9nWTJ4dmMyVU5DbEpsWm1WeVpYSTZJR2gwZEhBNkx5OXNiMk5oYkdodmMzUTZPRGc0T0M5aWIyUm5aV2wwTHcwS1EyOXZhMmxsT2lCS1UwVlRVMGxQVGtsRVBUWkZPVFUzTjBFeE5rSkJRell4T1RFelJFVTVOMEU0T0RkQlJEWXdNamMxRFFvTkNnPT0=", - 
"burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 98, - "fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": "U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qTTRPUTBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam94TVRvMU1pQkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnb0tDZ29LQ2p3aFJFOURWRmxRUlNCSVZFMU1JRkJWUWt4SlF5QWlMUzh2VnpOREx5OUVWRVFnU0ZSTlRDQXpMakl2TDBWT0lqNEtQR2gwYld3K0NqeG9aV0ZrUGdvOGRHbDBiR1UrVkdobElFSnZaR2RsU1hRZ1UzUnZjbVU4TDNScGRHeGxQZ284YkdsdWF5Qm9jbVZtUFNKemRIbHNaUzVqYzNNaUlISmxiRDBpYzNSNWJHVnphR1ZsZENJZ2RIbHdaVDBpZEdWNGRDOWpjM01pSUM4K0NqeHpZM0pwY0hRZ2RIbHdaVDBpZEdWNGRDOXFZWFpoYzJOeWFYQjBJaUJ6Y21NOUlpNHZhbk12ZFhScGJDNXFjeUkrUEM5elkzSnBjSFErQ2p3dmFHVmhaRDRLUEdKdlpIaytDZ284WTJWdWRHVnlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqZ3dKU0lnWTJ4aGMzTTlJbUp2Y21SbGNpSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCamIyeHpjR0Z1UFNJMklqNEtQRWd4UGxSb1pTQkNiMlJuWlVsMElGTjBiM0psUEM5SU1UNEtQSFJoWW14bElIZHBaSFJvUFNJeE1EQWxJaUJqYkdGemN6MWNJbTV2WW05eVpHVnlYQ0krQ2p4MGNpQkNSME5QVEU5U1BTTkRNMFE1UmtZK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU16QWxJajRtYm1KemNEczhMM1JrUGdvOGRHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpRd0pTSStWMlVnWW05a1oyVWdhWFFzSUhOdklIbHZkU0JrYjI1MElHaGhkbVVnZEc4aFBDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l6TUNVaUlITjBlV3hsUFNKMFpYaDBMV0ZzYVdkdU9pQnlhV2RvZENJZ1BncEhkV1Z6ZENCMWMyVnlDZ284TDNSeVBnbzhMM1JoWW14bFBnbzhMM1JrUGdvOEwzUnlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlhRzl0WlM1cWMzQWlQa2h2YldVOEwyRStQQzkwWkQ0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlIZHBaSFJvUFNJeE5pVWlJRUpIUTA5TVQxSTlJMFZGUlVWRlJUNDhZU0JvY21WbVBTSmhZbTkxZEM1cWMzQWlQa0ZpYjNWMElGVnpQQzloUGp3dmRH
UStDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGp4aElHaHlaV1k5SW1OdmJuUmhZM1F1YW5Od0lqNURiMjUwWVdOMElGVnpQQzloUGp3dmRHUStDandoTFMwZ2RHUWdZV3hwWjI0OUltTmxiblJsY2lJZ2QybGtkR2c5SWpFMkpTSStQR0VnYUhKbFpqMGlZV1J0YVc0dWFuTndJajVCWkcxcGJqd3ZZVDQ4TDNSa0xTMCtDZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJZ1FrZERUMHhQVWowalJVVkZSVVZGUGdvS0NRazhZU0JvY21WbVBTSnNiMmRwYmk1cWMzQWlQa3h2WjJsdVBDOWhQZ29LUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpWW1GemEyVjBMbXB6Y0NJK1dXOTFjaUJDWVhOclpYUThMMkUrUEM5MFpENEtDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUIzYVdSMGFEMGlNVFlsSWlCQ1IwTlBURTlTUFNORlJVVkZSVVUrUEdFZ2FISmxaajBpYzJWaGNtTm9MbXB6Y0NJK1UyVmhjbU5vUEM5aFBqd3ZkR1ErQ2p3dmRISStDangwY2o0S1BIUmtJR0ZzYVdkdVBTSmpaVzUwWlhJaUlHTnZiSE53WVc0OUlqWWlQZ284ZEdGaWJHVWdkMmxrZEdnOUlqRXdNQ1VpSUdOc1lYTnpQU0ppYjNKa1pYSWlQZ284ZEhJK0NqeDBaQ0JoYkdsbmJqMGliR1ZtZENJZ2RtRnNhV2R1UFNKMGIzQWlJSGRwWkhSb1BTSXlOU1VpUGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5pSStSRzl2WkdGb2N6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlOU0krUjJsNmJXOXpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDB6SWo1VWFHbHVaMkZ0WVdwcFozTThMMkUrUEdKeUx6NEtQR0VnYUhKbFpqMGljSEp2WkhWamRDNXFjM0EvZEhsd1pXbGtQVElpUGxSb2FXNW5hV1Z6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwM0lqNVhhR0YwWTJoaGJXRmpZV3hzYVhSelBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMDBJajVYYUdGMGMybDBjend2WVQ0OFluSXZQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TVNJK1YybGtaMlYwY3p3dllUNDhZbkl2UGdvS1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtDand2ZEdRK0NqeDBaQ0IyWVd4cFoyNDlJblJ2Y0NJZ2QybGtkR2c5SWpjd0pTSStDZ29LQ2p4b016NVpiM1Z5SUhCeWIyWnBiR1U4TDJnelBnb0tRMmhoYm1kbElIbHZkWElnY0dGemMzZHZjbVE2SUR4aWNpOCtQR0p5THo0S1BHWnZjbTBnYldWMGFHOWtQU0pRVDFOVUlqNEtDVHhqWlc1MFpYSStDZ2s4ZEdGaWJHVStDZ2s4ZEhJK0Nn
a0pQSFJrUGs1aGJXVThMM1JrUGdvSkNUeDBaRDV1ZFd4c1BDOTBaRDRLQ1R3dmRISStDZ2s4ZEhJK0Nna0pQSFJrUGs1bGR5QlFZWE56ZDI5eVpEbzhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5CaGMzTjNiM0prTVNJZ2JtRnRaVDBpY0dGemMzZHZjbVF4SWlCMGVYQmxQU0p3WVhOemQyOXlaQ0krUEM5cGJuQjFkRDQ4TDNSa1Bnb0pQQzkwY2o0S0NUeDBjajRLQ1FrOGRHUStVbVZ3WldGMElGQmhjM04zYjNKa09qd3ZkR1ErQ2drSlBIUmtQanhwYm5CMWRDQnBaRDBpY0dGemMzZHZjbVF5SWlCdVlXMWxQU0p3WVhOemQyOXlaRElpSUhSNWNHVTlJbkJoYzNOM2IzSmtJajQ4TDJsdWNIVjBQand2ZEdRK0NnazhMM1J5UGdvSlBIUnlQZ29KQ1R4MFpENDhMM1JrUGdvSkNUeDBaRDQ4YVc1d2RYUWdhV1E5SW5OMVltMXBkQ0lnZEhsd1pUMGljM1ZpYldsMElpQjJZV3gxWlQwaVUzVmliV2wwSWo0OEwybHVjSFYwUGp3dmRHUStDZ2s4TDNSeVBnb0pQQzkwWVdKc1pUNEtDVHd2WTJWdWRHVnlQZ284TDJadmNtMCtDZ29LQ2p3dmRHUStDand2ZEhJK0Nqd3ZkR0ZpYkdVK0Nqd3ZkR1ErQ2p3dmRISStDand2ZEdGaWJHVStDand2WTJWdWRHVnlQZ284TDJKdlpIaytDand2YUhSdGJENEtDZ289" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 99, - "fields": { - "finding": 346, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzQnliMlIxWTNRdWFuTndJRWhVVkZBdk1TNHhEUXBJYjNOME9pQnNiMk5oYkdodmMzUTZPRGc0T0EwS1FXTmpaWEIwT2lBcUx5b05Da0ZqWTJWd2RDMU1ZVzVuZFdGblpUb2daVzROQ2xWelpYSXRRV2RsYm5RNklFMXZlbWxzYkdFdk5TNHdJQ2hqYjIxd1lYUnBZbXhsT3lCTlUwbEZJRGt1TURzZ1YybHVaRzkzY3lCT1ZDQTJMakU3SUZkcGJqWTBPeUI0TmpRN0lGUnlhV1JsYm5Rdk5TNHdLUTBLUTI5dWJtVmpkR2x2YmpvZ1kyeHZjMlVOQ2tOdmIydHBaVG9nU2xORlUxTkpUMDVKUkQwMlJUazFOemRCTVRaQ1FVTTJNVGt4TTBSRk9UZEJPRGczUVVRMk1ESTNOVHNnWWw5cFpEMHlEUW9OQ2c9PQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 100, - "fields": { - "finding": 346, - "burpRequestBase64": "UjBWVUlDOGdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "HTTP/1.1 200 
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Sat, 27 Aug 2016 02:12:24 GMT
Connection: close
Content-Length: 11234




<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
        <title>Apache Tomcat/9.0.0.M4</title>
        <link href="favicon.ico" rel="icon" type="image/x-icon" />
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
        <link href="tomcat.css" rel="stylesheet" type="text/css" />
    </head>

    <body>
        <div id="wrapper">
            <div id="navigation" class="curved container">
                <span id="nav-home"><a href="http://tomcat.apache.org/">Home</a></span>
                <span id="nav-hosts"><a href="/docs/">Documentation</a></span>
                <span id="nav-config"><a href="/docs/config/">Configuration</a></span>
                <span id="nav-examples"><a href="/examples/">Examples</a></span>
                <span id="nav-wiki"><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></span>
                <span id="nav-lists"><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></span>
                <span id="nav-help"><a href="http://tomcat.apache.org/findhelp.html">Find Help</a></span>
                <br class="separator" />
            </div>
            <div id="asf-box">
                <h1>Apache Tomcat/9.0.0.M4</h1>
            </div>
            <div id="upper" class="curved container">
                <div id="congrats" class="curved container">
                    <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2>
                </div>
                <div id="notice">
                    <img src="tomcat.png" alt="[tomcat logo]" />
                    <div id="tasks">
                        <h3>Recommended Reading:</h3>
                        <h4><a href="/docs/security-howto.html">Security Considerations HOW-TO</a></h4>
                        <h4><a href="/docs/manager-howto.html">Manager Application HOW-TO</a></h4>
                        <h4><a href="/docs/cluster-howto.html">Clustering/Session Replication HOW-TO</a></h4>
                    </div>
                </div>
                <div id="actions">
                    <div class="button">
                        <a class="container shadow" href="/manager/status"><span>Server Status</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/manager/html"><span>Manager App</span></a>
                    </div>
                    <div class="button">
                        <a class="container shadow" href="/host-manager/html"><span>Host Manager</span></a>
                    </div>
                </div>
                <!--
                <br class="separator" />
                -->
                <br class="separator" />
            </div>
            <div id="middle" class="curved container">
                <h3>Developer Quick Start</h3>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/setup.html">Tomcat Setup</a></p>
                        <p><a href="/docs/appdev/">First Web Application</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/docs/realm-howto.html">Realms &amp; AAA</a></p>
                        <p><a href="/docs/jndi-datasource-examples-howto.html">JDBC DataSources</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="/examples/">Examples</a></p>
                    </div>
                </div>
                <div class="col25">
                    <div class="container">
                        <p><a href="http://wiki.apache.org/tomcat/Specifications">Servlet Specifications</a></p>
                        <p><a href="http://wiki.apache.org/tomcat/TomcatVersions">Tomcat Versions</a></p>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="lower">
                <div id="low-manage" class="">
                    <div class="curved container">
                        <h3>Managing Tomcat</h3>
                        <p>For security, access to the <a href="/manager/html">manager webapp</a> is restricted.
                        Users are defined in:</p>
                        <pre>$CATALINA_HOME/conf/tomcat-users.xml</pre>
                        <p>In Tomcat 9.0 access to the manager application is split between
                           different users. &nbsp; <a href="/docs/manager-howto.html">Read more...</a></p>
                        <br />
                        <h4><a href="/docs/RELEASE-NOTES.txt">Release Notes</a></h4>
                        <h4><a href="/docs/changelog.html">Changelog</a></h4>
                        <h4><a href="http://tomcat.apache.org/migration.html">Migration Guide</a></h4>
                        <h4><a href="http://tomcat.apache.org/security.html">Security Notices</a></h4>
                    </div>
                </div>
                <div id="low-docs" class="">
                    <div class="curved container">
                        <h3>Documentation</h3>
                        <h4><a href="/docs/">Tomcat 9.0 Documentation</a></h4>
                        <h4><a href="/docs/config/">Tomcat 9.0 Configuration</a></h4>
                        <h4><a href="http://wiki.apache.org/tomcat/FrontPage">Tomcat Wiki</a></h4>
                        <p>Find additional important configuration information in:</p>
                        <pre>$CATALINA_HOME/RUNNING.txt</pre>
                        <p>Developers may be interested in:</p>
                        <ul>
                            <li><a href="http://tomcat.apache.org/bugreport.html">Tomcat 9.0 Bug Database</a></li>
                            <li><a href="/docs/api/index.html">Tomcat 9.0 JavaDocs</a></li>
                            <li><a href="http://svn.apache.org/repos/asf/tomcat/tc9.0.x/">Tomcat 9.0 SVN Repository</a></li>
                        </ul>
                    </div>
                </div>
                <div id="low-help" class="">
                    <div class="curved container">
                        <h3>Getting Help</h3>
                        <h4><a href="http://tomcat.apache.org/faq/">FAQ</a> and <a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></h4>
                        <p>The following mailing lists are available:</p>
                        <ul>
                            <li id="list-announce"><strong><a href="http://tomcat.apache.org/lists.html#tomcat-announce">tomcat-announce</a><br />
                                Important announcements, releases, security vulnerability notifications. (Low volume).</strong>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-users">tomcat-users</a><br />
                                User support and discussion
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#taglibs-user">taglibs-user</a><br />
                                User support and discussion for <a href="http://tomcat.apache.org/taglibs/">Apache Taglibs</a>
                            </li>
                            <li><a href="http://tomcat.apache.org/lists.html#tomcat-dev">tomcat-dev</a><br />
                                Development mailing list, including commit messages
                            </li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <div id="footer" class="curved container">
                <div class="col20">
                    <div class="container">
                        <h4>Other Downloads</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/download-connectors.cgi">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/download-native.cgi">Tomcat Native</a></li>
                            <li><a href="http://tomcat.apache.org/taglibs/">Taglibs</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Other Documentation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">Tomcat Connectors</a></li>
                            <li><a href="http://tomcat.apache.org/connectors-doc/">mod_jk Documentation</a></li>
                            <li><a href="http://tomcat.apache.org/native-doc/">Tomcat Native</a></li>
                            <li><a href="/docs/deployer-howto.html">Deployer</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Get Involved</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/getinvolved.html">Overview</a></li>
                            <li><a href="http://tomcat.apache.org/svn.html">SVN Repositories</a></li>
                            <li><a href="http://tomcat.apache.org/lists.html">Mailing Lists</a></li>
                            <li><a href="http://wiki.apache.org/tomcat/FrontPage">Wiki</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Miscellaneous</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/contact.html">Contact</a></li>
                            <li><a href="http://tomcat.apache.org/legal.html">Legal</a></li>
                            <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                            <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                        </ul>
                    </div>
                </div>
                <div class="col20">
                    <div class="container">
                        <h4>Apache Software Foundation</h4>
                        <ul>
                            <li><a href="http://tomcat.apache.org/whoweare.html">Who We Are</a></li>
                            <li><a href="http://tomcat.apache.org/heritage.html">Heritage</a></li>
                            <li><a href="http://www.apache.org">Apache Home</a></li>
                            <li><a href="http://tomcat.apache.org/resources.html">Resources</a></li>
                        </ul>
                    </div>
                </div>
                <br class="separator" />
            </div>
            <p class="copyright">Copyright &copy;1999-2016 Apache Software Foundation.  All Rights Reserved</p>
        </div>
    </body>

</html>
" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 101, - "fields": { - "finding": 346, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 102, - "fields": { - "finding": 346, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwyeHZaMjkxZEM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLRFFvPQ==", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 103, - "fields": { - "finding": 346, - "burpRequestBase64": "UjBWVUlDOWliMlJuWldsMEwzTmxZWEpqYUM1cWMzQWdTRlJVVUM4eExqRU5Da2h2YzNRNklHeHZZMkZzYUc5emREbzRPRGc0RFFwQlkyTmxjSFE2SUNvdktnMEtRV05qWlhCMExVeGhibWQxWVdkbE9pQmxiZzBLVlhObGNpMUJaMlZ1ZERvZ1RXOTZhV3hzWVM4MUxqQWdLR052YlhCaGRHbGliR1U3SUUxVFNVVWdPUzR3T3lCWGFXNWtiM2R6SUU1VUlEWXVNVHNnVjJsdU5qUTdJSGcyTkRzZ1ZISnBaR1Z1ZEM4MUxqQXBEUXBEYjI1dVpXTjBhVzl1T2lCamJHOXpaUTBLVW1WbVpYSmxjam9nYUhSMGNEb3ZMMnh2WTJGc2FHOXpkRG80T0RnNEwySnZaR2RsYVhRdkRRcERiMjlyYVdVNklFcFRSVk5UU1U5T1NVUTlOa1U1TlRjM1FURTJRa0ZETmpFNU1UTkVSVGszUVRnNE4wRkVOakF5TnpVTkNnMEs=", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 104, - "fields": { - "finding": 347, - "burpRequestBase64": "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", - "burpResponseBase64": 
"U0ZSVVVDOHhMakVnTWpBd0lBMEtVMlZ5ZG1WeU9pQkJjR0ZqYUdVdFEyOTViM1JsTHpFdU1RMEtRMjl1ZEdWdWRDMVVlWEJsT2lCMFpYaDBMMmgwYld3N1kyaGhjbk5sZEQxSlUwOHRPRGcxT1MweERRcERiMjUwWlc1MExVeGxibWQwYURvZ01qUTJNZzBLUkdGMFpUb2dVMkYwTENBeU55QkJkV2NnTWpBeE5pQXdNam93T0RvMU55QkhUVlFOQ2tOdmJtNWxZM1JwYjI0NklHTnNiM05sRFFvTkNnMEtEUW9OQ2cwS0Nnb0tDandoUkU5RFZGbFFSU0JJVkUxTUlGQlZRa3hKUXlBaUxTOHZWek5ETHk5RVZFUWdTRlJOVENBekxqSXZMMFZPSWo0S1BHaDBiV3crQ2p4b1pXRmtQZ284ZEdsMGJHVStWR2hsSUVKdlpHZGxTWFFnVTNSdmNtVThMM1JwZEd4bFBnbzhiR2x1YXlCb2NtVm1QU0p6ZEhsc1pTNWpjM01pSUhKbGJEMGljM1I1YkdWemFHVmxkQ0lnZEhsd1pUMGlkR1Y0ZEM5amMzTWlJQzgrQ2p4elkzSnBjSFFnZEhsd1pUMGlkR1Y0ZEM5cVlYWmhjMk55YVhCMElpQnpjbU05SWk0dmFuTXZkWFJwYkM1cWN5SStQQzl6WTNKcGNIUStDand2YUdWaFpENEtQR0p2WkhrK0NnbzhZMlZ1ZEdWeVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpnd0pTSWdZMnhoYzNNOUltSnZjbVJsY2lJK0NqeDBjaUJDUjBOUFRFOVNQU05ETTBRNVJrWStDangwWkNCaGJHbG5iajBpWTJWdWRHVnlJaUJqYjJ4emNHRnVQU0kySWo0S1BFZ3hQbFJvWlNCQ2IyUm5aVWwwSUZOMGIzSmxQQzlJTVQ0S1BIUmhZbXhsSUhkcFpIUm9QU0l4TURBbElpQmpiR0Z6Y3oxY0ltNXZZbTl5WkdWeVhDSStDangwY2lCQ1IwTlBURTlTUFNORE0wUTVSa1krQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTXpBbElqNG1ibUp6Y0RzOEwzUmtQZ284ZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJalF3SlNJK1YyVWdZbTlrWjJVZ2FYUXNJSE52SUhsdmRTQmtiMjUwSUdoaGRtVWdkRzhoUEM5MFpENEtQSFJrSUdGc2FXZHVQU0pqWlc1MFpYSWlJSGRwWkhSb1BTSXpNQ1VpSUhOMGVXeGxQU0owWlhoMExXRnNhV2R1T2lCeWFXZG9kQ0lnUGdwSGRXVnpkQ0IxYzJWeUNnbzhMM1J5UGdvOEwzUmhZbXhsUGdvOEwzUmtQZ284TDNSeVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaVkyVnVkR1Z5SWlCM2FXUjBhRDBpTVRZbElpQkNSME5QVEU5U1BTTkZSVVZGUlVVK1BHRWdhSEpsWmowaWFHOXRaUzVxYzNBaVBraHZiV1U4TDJFK1BDOTBaRDRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUhkcFpIUm9QU0l4TmlVaUlFSkhRMDlNVDFJOUkwVkZSVVZGUlQ0OFlTQm9jbVZtUFNKaFltOTFkQzVxYzNBaVBrRmliM1YwSUZWelBDOWhQand2ZEdRK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQanhoSUdoeVpXWTlJbU52Ym5SaFkzUXVhbk53SWo1RGIyNTBZV04wSUZWelBDOWhQand2ZEdRK0Nqd2hMUzBnZEdRZ1lXeHBaMjQ5SW1ObGJuUmxjaUlnZDJsa2RHZzlJakUySlNJK1BHRWdhSEpsWmowaVlXUnRhVzR1YW5Od0lqNUJaRzF
wYmp3dllUNDhMM1JrTFMwK0NnbzhkR1FnWVd4cFoyNDlJbU5sYm5SbGNpSWdkMmxrZEdnOUlqRTJKU0lnUWtkRFQweFBVajBqUlVWRlJVVkZQZ29LQ1FrOFlTQm9jbVZtUFNKc2IyZHBiaTVxYzNBaVBreHZaMmx1UEM5aFBnb0tQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGlZbUZ6YTJWMExtcHpjQ0krV1c5MWNpQkNZWE5yWlhROEwyRStQQzkwWkQ0S0NqeDBaQ0JoYkdsbmJqMGlZMlZ1ZEdWeUlpQjNhV1IwYUQwaU1UWWxJaUJDUjBOUFRFOVNQU05GUlVWRlJVVStQR0VnYUhKbFpqMGljMlZoY21Ob0xtcHpjQ0krVTJWaGNtTm9QQzloUGp3dmRHUStDand2ZEhJK0NqeDBjajRLUEhSa0lHRnNhV2R1UFNKalpXNTBaWElpSUdOdmJITndZVzQ5SWpZaVBnbzhkR0ZpYkdVZ2QybGtkR2c5SWpFd01DVWlJR05zWVhOelBTSmliM0prWlhJaVBnbzhkSEkrQ2p4MFpDQmhiR2xuYmowaWJHVm1kQ0lnZG1Gc2FXZHVQU0owYjNBaUlIZHBaSFJvUFNJeU5TVWlQZ284WVNCb2NtVm1QU0p3Y205a2RXTjBMbXB6Y0Q5MGVYQmxhV1E5TmlJK1JHOXZaR0ZvY3p3dllUNDhZbkl2UGdvOFlTQm9jbVZtUFNKd2NtOWtkV04wTG1wemNEOTBlWEJsYVdROU5TSStSMmw2Ylc5elBDOWhQanhpY2k4K0NqeGhJR2h5WldZOUluQnliMlIxWTNRdWFuTndQM1I1Y0dWcFpEMHpJajVVYUdsdVoyRnRZV3BwWjNNOEwyRStQR0p5THo0S1BHRWdhSEpsWmowaWNISnZaSFZqZEM1cWMzQS9kSGx3Wldsa1BUSWlQbFJvYVc1bmFXVnpQQzloUGp4aWNpOCtDanhoSUdoeVpXWTlJbkJ5YjJSMVkzUXVhbk53UDNSNWNHVnBaRDAzSWo1WGFHRjBZMmhoYldGallXeHNhWFJ6UEM5aFBqeGljaTgrQ2p4aElHaHlaV1k5SW5CeWIyUjFZM1F1YW5Od1AzUjVjR1ZwWkQwMElqNVhhR0YwYzJsMGN6d3ZZVDQ4WW5JdlBnbzhZU0JvY21WbVBTSndjbTlrZFdOMExtcHpjRDkwZVhCbGFXUTlNU0krVjJsa1oyVjBjend2WVQ0OFluSXZQZ29LUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K1BHSnlMejQ4WW5JdlBqeGljaTgrUEdKeUx6NDhZbkl2UGp4aWNpOCtQR0p5THo0OFluSXZQanhpY2k4K0Nqd3ZkR1ErQ2p4MFpDQjJZV3hwWjI0OUluUnZjQ0lnZDJsa2RHZzlJamN3SlNJK0NnMEtEUW84YURNK1RHOW5hVzQ4TDJnelBnMEtVR3hsWVhObElHVnVkR1Z5SUhsdmRYSWdZM0psWkdWdWRHbGhiSE02SUR4aWNpOCtQR0p5THo0TkNqeG1iM0p0SUcxbGRHaHZaRDBpVUU5VFZDSStEUW9KUEdObGJuUmxjajROQ2drOGRHRmliR1UrRFFvSlBIUnlQZzBLQ1FrOGRHUStWWE5sY201aGJXVTZQQzkwWkQ0TkNna0pQSFJrUGp4cGJuQjFkQ0JwWkQwaWRYTmxjbTVoYldVaUlHNWhiV1U5SW5WelpYSnVZVzFsSWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4ZEhJK0RRb0pDVHgwWkQ1UVlYTnpkMjl5WkRvOEwzUmtQZzBLQ1FrOGRHUStQR2x1Y0hWMElHbGtQU0p3WVhOemQyOXlaQ0l
nYm1GdFpUMGljR0Z6YzNkdmNtUWlJSFI1Y0dVOUluQmhjM04zYjNKa0lqNDhMMmx1Y0hWMFBqd3ZkR1ErRFFvSlBDOTBjajROQ2drOGRISStEUW9KQ1R4MFpENDhMM1JrUGcwS0NRazhkR1ErUEdsdWNIVjBJR2xrUFNKemRXSnRhWFFpSUhSNWNHVTlJbk4xWW0xcGRDSWdkbUZzZFdVOUlreHZaMmx1SWo0OEwybHVjSFYwUGp3dmRHUStEUW9KUEM5MGNqNE5DZ2s4TDNSaFlteGxQZzBLQ1R3dlkyVnVkR1Z5UGcwS1BDOW1iM0p0UGcwS1NXWWdlVzkxSUdSdmJuUWdhR0YyWlNCaGJpQmhZMk52ZFc1MElIZHBkR2dnZFhNZ2RHaGxiaUJ3YkdWaGMyVWdQR0VnYUhKbFpqMGljbVZuYVhOMFpYSXVhbk53SWo1U1pXZHBjM1JsY2p3dllUNGdibTkzSUdadmNpQmhJR1p5WldVZ1lXTmpiM1Z1ZEM0TkNqeGljaTgrUEdKeUx6NE5DZzBLUEM5MFpENEtQQzkwY2o0S1BDOTBZV0pzWlQ0S1BDOTBaRDRLUEM5MGNqNEtQQzkwWVdKc1pUNEtQQzlqWlc1MFpYSStDand2WW05a2VUNEtQQzlvZEcxc1Bnb05DZzBL" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 105, - "fields": { - "finding": 347, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.burprawrequestresponse", - "pk": 106, - "fields": { - "finding": 347, - "burpRequestBase64": "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", - "burpResponseBase64": "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" - } -}, -{ - "model": "dojo.risk_acceptance", - "pk": 1, - "fields": { - "name": "Simple Builtin Risk Acceptance", - "recommendation": "F", - "recommendation_details": null, - "decision": "A", - "decision_details": "These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. 
Unaccept and use full risk acceptance if you need to have more control over those fields.", - "accepted_by": null, - "path": "", - "owner": 1, - "expiration_date": null, - "expiration_date_warned": null, - "expiration_date_handled": null, - "reactivate_expired": true, - "restart_sla_expired": false, - "created": "2024-01-29T15:35:18.089Z", - "updated": "2024-01-29T15:35:18.089Z", - "accepted_findings": [ - 2 - ], - "notes": [] - } -}, -{ - "model": "dojo.jira_instance", - "pk": 2, - "fields": { - "configuration_name": "Happy little JIRA 2", - "url": "http://www.testjira.com", - "username": "user1", - "password": "user1", - "default_issue_type": "Task", - "issue_template_dir": null, - "epic_name_id": 111, - "open_status_key": 111, - "close_status_key": 112, - "info_mapping_severity": "Trivial", - "low_mapping_severity": "test severity", - "medium_mapping_severity": "test severity", - "high_mapping_severity": "test severity", - "critical_mapping_severity": "test severity", - "finding_text": "", - "accepted_mapping_resolution": null, - "false_positive_mapping_resolution": null, - "global_jira_sla_notification": false, - "finding_jira_sync": false - } -}, -{ - "model": "dojo.jira_instance", - "pk": 3, - "fields": { - "configuration_name": "Happy little JIRA 3", - "url": "http://www.testjira.com", - "username": "user2", - "password": "user2", - "default_issue_type": "Task", - "issue_template_dir": null, - "epic_name_id": 222, - "open_status_key": 222, - "close_status_key": 223, - "info_mapping_severity": "Trivial", - "low_mapping_severity": "test severity", - "medium_mapping_severity": "test severity", - "high_mapping_severity": "test severity", - "critical_mapping_severity": "test severity", - "finding_text": "", - "accepted_mapping_resolution": null, - "false_positive_mapping_resolution": null, - "global_jira_sla_notification": false, - "finding_jira_sync": false - } -}, -{ - "model": "dojo.jira_instance", - "pk": 4, - "fields": { - "configuration_name": "Happy little 
JIRA 4", - "url": "http://www.testjira.com", - "username": "user3", - "password": "user3", - "default_issue_type": "Spike", - "issue_template_dir": null, - "epic_name_id": 333, - "open_status_key": 333, - "close_status_key": 334, - "info_mapping_severity": "Trivial", - "low_mapping_severity": "test severity", - "medium_mapping_severity": "test severity", - "high_mapping_severity": "test severity", - "critical_mapping_severity": "test severity", - "finding_text": "", - "accepted_mapping_resolution": null, - "false_positive_mapping_resolution": null, - "global_jira_sla_notification": false, - "finding_jira_sync": false - } -}, -{ - "model": "dojo.jira_project", - "pk": 1, - "fields": { - "jira_instance": 2, - "project_key": "key1", - "product": 1, - "issue_template_dir": null, - "engagement": null, - "component": "", - "custom_fields": null, - "default_assignee": null, - "jira_labels": null, - "add_vulnerability_id_to_jira_label": false, - "push_all_issues": false, - "enable_engagement_epic_mapping": true, - "epic_issue_type_name": "Epic", - "push_notes": false, - "product_jira_sla_notification": false, - "risk_acceptance_expiration_notification": false, - "enabled": true - } -}, -{ - "model": "dojo.jira_project", - "pk": 2, - "fields": { - "jira_instance": 3, - "project_key": "key2", - "product": 2, - "issue_template_dir": null, - "engagement": null, - "component": "", - "custom_fields": null, - "default_assignee": null, - "jira_labels": null, - "add_vulnerability_id_to_jira_label": false, - "push_all_issues": true, - "enable_engagement_epic_mapping": true, - "epic_issue_type_name": "Epic", - "push_notes": true, - "product_jira_sla_notification": false, - "risk_acceptance_expiration_notification": false, - "enabled": true - } -}, -{ - "model": "dojo.jira_project", - "pk": 3, - "fields": { - "jira_instance": 4, - "project_key": "key3", - "product": 3, - "issue_template_dir": null, - "engagement": null, - "component": "", - "custom_fields": null, - "default_assignee": 
null, - "jira_labels": null, - "add_vulnerability_id_to_jira_label": false, - "push_all_issues": false, - "enable_engagement_epic_mapping": false, - "epic_issue_type_name": "Epic", - "push_notes": false, - "product_jira_sla_notification": false, - "risk_acceptance_expiration_notification": false, - "enabled": true - } -}, -{ - "model": "dojo.jira_issue", - "pk": 2, - "fields": { - "jira_project": null, - "jira_id": "2", - "jira_key": "222", - "finding": 5, - "engagement": 3, - "finding_group": null, - "jira_creation": null, - "jira_change": null - } -}, -{ - "model": "dojo.jira_issue", - "pk": 3, - "fields": { - "jira_project": null, - "jira_id": "3", - "jira_key": "333", - "finding": 6, - "engagement": 1, - "finding_group": null, - "jira_creation": null, - "jira_change": null - } -}, -{ - "model": "dojo.notifications", - "pk": 1, - "fields": { - "product_type_added": "alert,alert", - "product_added": "alert,alert", - "engagement_added": "alert,alert", - "test_added": "alert,alert", - "scan_added": "alert,alert", - "scan_added_empty": "", - "jira_update": "alert,alert", - "upcoming_engagement": "alert,alert", - "stale_engagement": "alert,alert", - "auto_close_engagement": "alert,alert", - "close_engagement": "alert,alert", - "user_mentioned": "alert,alert", - "code_review": "alert,alert", - "review_requested": "alert,alert", - "other": "alert,alert", - "user": 1, - "product": null, - "template": false, - "sla_breach": "alert,alert", - "risk_acceptance_expiration": "alert,alert", - "sla_breach_combined": "alert,alert" - } -}, -{ - "model": "dojo.notifications", - "pk": 2, - "fields": { - "product_type_added": "alert,alert", - "product_added": "alert,alert", - "engagement_added": "alert,alert", - "test_added": "alert,alert", - "scan_added": "alert,alert", - "scan_added_empty": "", - "jira_update": "alert,alert", - "upcoming_engagement": "alert,alert", - "stale_engagement": "alert,alert", - "auto_close_engagement": "alert,alert", - "close_engagement": "alert,alert", - 
"user_mentioned": "alert,alert", - "code_review": "alert,alert", - "review_requested": "alert,alert", - "other": "alert,alert", - "user": 2, - "product": null, - "template": false, - "sla_breach": "alert,alert", - "risk_acceptance_expiration": "alert,alert", - "sla_breach_combined": "alert,alert" - } -}, -{ - "model": "dojo.notifications", - "pk": 3, - "fields": { - "product_type_added": "alert,alert", - "product_added": "alert,alert", - "engagement_added": "alert,alert", - "test_added": "alert,alert", - "scan_added": "alert,alert", - "scan_added_empty": "", - "jira_update": "alert,alert", - "upcoming_engagement": "alert,alert", - "stale_engagement": "alert,alert", - "auto_close_engagement": "alert,alert", - "close_engagement": "alert,alert", - "user_mentioned": "alert,alert", - "code_review": "alert,alert", - "review_requested": "alert,alert", - "other": "alert,alert", - "user": 3, - "product": null, - "template": false, - "sla_breach": "alert,alert", - "risk_acceptance_expiration": "alert,alert", - "sla_breach_combined": "alert,alert" - } -}, -{ - "model": "dojo.tool_product_settings", - "pk": 1, - "fields": { - "name": "Product Setting 1", - "description": "test product setting", - "url": "http://www.example.com", - "product": 1, - "tool_configuration": 1, - "tool_project_id": "1", - "notes": [] - } -}, -{ - "model": "dojo.tool_product_settings", - "pk": 2, - "fields": { - "name": "Product Setting 2", - "description": "test product setting", - "url": "http://www.example.com", - "product": 1, - "tool_configuration": 2, - "tool_project_id": "2", - "notes": [] - } -}, -{ - "model": "dojo.tool_product_settings", - "pk": 3, - "fields": { - "name": "Product Setting 3", - "description": "test product setting", - "url": "http://www.example.com", - "product": 1, - "tool_configuration": 3, - "tool_project_id": "3", - "notes": [] - } -}, -{ - "model": "dojo.alerts", - "pk": 1, - "fields": { - "title": "Static Scan for Python How-to", - "description": "\n\n\n The engagement 
\"Python How-to\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/4", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:01:00.711Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 2, - "fields": { - "title": "Static Scan for Python How-to", - "description": "\n\n\n The engagement \"Python How-to\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/4", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:01:00.726Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 3, - "fields": { - "title": "0 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/17", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:22:29.720Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 4, - "fields": { - "title": "0 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/17", - "source": "Results Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:22:29.733Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 5, - "fields": { - "title": "Quarterly PCI Scan for Bodgeit", - "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/6", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:25:29.445Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 6, - "fields": { - "title": "Quarterly PCI Scan for Bodgeit", - "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/6", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:25:29.455Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 7, - "fields": { - "title": "Qualys Scan for Bodgeit", - "description": "\n\n\n New test 
added for engagement Bodgeit: Qualys Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/6", - "source": "Test Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:25:46.372Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 8, - "fields": { - "title": "Qualys Scan for Bodgeit", - "description": "\n\n\n New test added for engagement Bodgeit: Qualys Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/6", - "source": "Test Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:25:46.385Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 9, - "fields": { - "title": "Initial Assessment for Account Software", - "description": "\n\n\n The engagement \"Account Software\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:42:51.166Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 10, - "fields": { - "title": "Initial Assessment for Account Software", - "description": "\n\n\n The engagement \"Account Software\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:42:51.176Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 11, - "fields": { - "title": "API Test for Account Software", - "description": "\n\n\n New test added for engagement Account Software: API Test.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:43:09.143Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 12, - "fields": { - "title": "API Test for Account Software", - "description": "\n\n\n New test added for engagement Account Software: API Test.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": 1, - "created": 
"2021-11-04T09:43:09.153Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 13, - "fields": { - "title": "Nmap Scan for Account Software", - "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:43:23.460Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 14, - "fields": { - "title": "Nmap Scan for Account Software", - "description": "\n\n\n New test added for engagement Account Software: Nmap Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:43:23.472Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 15, - "fields": { - "title": "Dependency Check Scan for Account Software", - "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:43:41.770Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 16, - "fields": { - "title": "Dependency Check Scan for Account Software", - "description": "\n\n\n New test added for engagement Account Software: Dependency Check Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:43:41.785Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 17, - "fields": { - "title": "ZAP Scan for Account Software", - "description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-04T09:44:01.865Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 18, - "fields": { - "title": "ZAP Scan for Account Software", - 
"description": "\n\n\n New test added for engagement Account Software: ZAP Scan.\n", - "url": "http://defectdojo.herokuapp.com/engagement/8", - "source": "Test Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-04T09:44:01.877Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 19, - "fields": { - "title": "2 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/25", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T06:44:36.344Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 20, - "fields": { - "title": "2 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/25", - "source": "Results Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T06:44:36.353Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 21, - "fields": { - "title": "18 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/26", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T06:46:09.906Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 22, - "fields": { - "title": "18 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/26", - "source": "Results Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T06:46:09.914Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 23, - "fields": { - "title": "10 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/28", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T06:47:20.764Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 24, - "fields": { - "title": "10 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/28", - "source": "Results Added", - "icon": "info-circle", - "user_id": 1, - "created": 
"2021-11-05T06:47:20.774Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 25, - "fields": { - "title": "Manual PenTest for Bodgeit", - "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/11", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T06:54:11.922Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 26, - "fields": { - "title": "Manual PenTest for Bodgeit", - "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/11", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T06:54:11.931Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 27, - "fields": { - "title": "Manual Code Review for Bodgeit", - "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", - "url": "http://defectdojo.herokuapp.com/engagement/11", - "source": "Test Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T06:54:24.017Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 28, - "fields": { - "title": "Manual Code Review for Bodgeit", - "description": "\n\n\n New test added for engagement Bodgeit: Manual Code Review.\n", - "url": "http://defectdojo.herokuapp.com/engagement/11", - "source": "Test Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T06:54:24.025Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 29, - "fields": { - "title": "Pen Test for Bodgeit", - "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", - "url": "http://defectdojo.herokuapp.com/engagement/11", - "source": "Test Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T06:54:35.541Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 30, - "fields": { - "title": "Pen Test for Bodgeit", - "description": "\n\n\n New test added for engagement Bodgeit: Pen Test.\n", - "url": 
"http://defectdojo.herokuapp.com/engagement/11", - "source": "Test Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T06:54:35.551Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 31, - "fields": { - "title": "CI/CD Baseline Security Test for Bodgeit", - "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/12", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T07:06:26.179Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 32, - "fields": { - "title": "CI/CD Baseline Security Test for Bodgeit", - "description": "\n\n\n The engagement \"Bodgeit\" has been created.\n", - "url": "http://defectdojo.herokuapp.com/engagement/12", - "source": "Engagement Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T07:06:26.187Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 33, - "fields": { - "title": "28 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/31", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T07:07:23.992Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 34, - "fields": { - "title": "28 findings for Bodgeit", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/31", - "source": "Results Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T07:07:24.008Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 35, - "fields": { - "title": "10 findings for BodgeIt", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/32", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T10:43:09.169Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 36, - "fields": { - "title": "10 findings for BodgeIt", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/32", - "source": "Results Added", - "icon": 
"info-circle", - "user_id": 1, - "created": "2021-11-05T10:43:09.178Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 37, - "fields": { - "title": "10 findings for BodgeIt", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/37", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T10:51:04.993Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 38, - "fields": { - "title": "10 findings for BodgeIt", - "description": "\n\n\n \n\n", - "url": "http://defectdojo.herokuapp.com/test/37", - "source": "Results Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T10:51:05.001Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 39, - "fields": { - "title": "10 findings for BodgeIt", - "description": "\n\n\n \n\n", - "url": "http://localhost:8000/test/39", - "source": "Results Added", - "icon": "info-circle", - "user_id": null, - "created": "2021-11-05T10:52:48.176Z" - } -}, -{ - "model": "dojo.alerts", - "pk": 40, - "fields": { - "title": "10 findings for BodgeIt", - "description": "\n\n\n \n\n", - "url": "http://localhost:8000/test/39", - "source": "Results Added", - "icon": "info-circle", - "user_id": 1, - "created": "2021-11-05T10:52:48.263Z" - } -}, -{ - "model": "dojo.language_type", - "pk": 1, - "fields": { - "language": "ActionScript", - "color": "#F2D7D5" - } -}, -{ - "model": "dojo.language_type", - "pk": 2, - "fields": { - "language": "Python", - "color": "#006400" - } -}, -{ - "model": "dojo.language_type", - "pk": 3, - "fields": { - "language": "Ruby", - "color": "#cd5c5c" - } -}, -{ - "model": "dojo.language_type", - "pk": 4, - "fields": { - "language": "ABAP", - "color": "#F9EBEA" - } -}, -{ - "model": "dojo.language_type", - "pk": 5, - "fields": { - "language": "Ada", - "color": "#E6B0AA" - } -}, -{ - "model": "dojo.language_type", - "pk": 6, - "fields": { - "language": "ADSO/IDSM", - "color": "#D98880" - } -}, -{ - "model": "dojo.language_type", - "pk": 7, - "fields": { - 
"language": "Agda", - "color": "#CD6155" - } -}, -{ - "model": "dojo.language_type", - "pk": 8, - "fields": { - "language": "AMPLE", - "color": "#C0392B" - } -}, -{ - "model": "dojo.language_type", - "pk": 9, - "fields": { - "language": "Ant", - "color": "#A93226" - } -}, -{ - "model": "dojo.language_type", - "pk": 10, - "fields": { - "language": "ANTLR Grammar", - "color": "#641E16" - } -}, -{ - "model": "dojo.language_type", - "pk": 11, - "fields": { - "language": "Apex Trigger", - "color": "#FDEDEC" - } -}, -{ - "model": "dojo.language_type", - "pk": 12, - "fields": { - "language": "Arduino Sketch", - "color": "#FADBD8" - } + "model": "dojo.language_type", + "pk": 126, + "fields": { + "language": "Nemerle", + "color": "#FDF5E6" + } }, { - "model": "dojo.language_type", - "pk": 13, - "fields": { - "language": "AsciiDoc", - "color": "#F1948A" - } + "model": "dojo.language_type", + "pk": 127, + "fields": { + "language": "Nim", + "color": "#F5F5DC" + } }, { - "model": "dojo.language_type", - "pk": 14, - "fields": { - "language": "ASP", - "color": "#E74C3C" - } + "model": "dojo.language_type", + "pk": 128, + "fields": { + "language": "Objective C", + "color": "#cc00cc" + } }, { - "model": "dojo.language_type", - "pk": 15, - "fields": { - "language": "ASP.NET", - "color": "#CB4335" - } + "model": "dojo.language_type", + "pk": 129, + "fields": { + "language": "Objective C++", + "color": "#ff9966" + } }, { - "model": "dojo.language_type", - "pk": 16, - "fields": { - "language": "AspectJ", - "color": "#943126" - } + "model": "dojo.language_type", + "pk": 130, + "fields": { + "language": "OCaml", + "color": "#F8F8FF" + } }, { - "model": "dojo.language_type", - "pk": 17, - "fields": { - "language": "Assembly", - "color": "#78281F" - } + "model": "dojo.language_type", + "pk": 131, + "fields": { + "language": "OpenCL", + "color": "#F0F8FF" + } }, { - "model": "dojo.language_type", - "pk": 18, - "fields": { - "language": "AutoHotkey", - "color": "#F5EEF8" - } + "model": 
"dojo.language_type", + "pk": 132, + "fields": { + "language": "Oracle Forms", + "color": "#F0FFFF" + } }, { - "model": "dojo.language_type", - "pk": 19, - "fields": { - "language": "awk", - "color": "#EBDEF0" - } + "model": "dojo.language_type", + "pk": 133, + "fields": { + "language": "Oracle PL/SQL", + "color": "#F5FFFA" + } }, { - "model": "dojo.language_type", - "pk": 20, - "fields": { - "language": "Blade", - "color": "#D7BDE2" - } + "model": "dojo.language_type", + "pk": 134, + "fields": { + "language": "Oracle Reports", + "color": "#F0FFF0" + } }, { - "model": "dojo.language_type", - "pk": 21, - "fields": { - "language": "Bourne Again Shell", - "color": "#C39BD3" - } + "model": "dojo.language_type", + "pk": 135, + "fields": { + "language": "Pascal", + "color": "#FFFAFA" + } }, { - "model": "dojo.language_type", - "pk": 22, - "fields": { - "language": "Bourne Shell", - "color": "#AF7AC5" - } + "model": "dojo.language_type", + "pk": 136, + "fields": { + "language": "Pascal/Puppet", + "color": "#C71585" + } }, { - "model": "dojo.language_type", - "pk": 23, - "fields": { - "language": "BrightScript", - "color": "#884EA0" - } + "model": "dojo.language_type", + "pk": 137, + "fields": { + "language": "Patran Command Language", + "color": "#DB7093" + } }, { - "model": "dojo.language_type", - "pk": 24, - "fields": { - "language": "C", - "color": "#6C3483" - } + "model": "dojo.language_type", + "pk": 138, + "fields": { + "language": "Perl", + "color": "#FF1493" + } }, { - "model": "dojo.language_type", - "pk": 25, - "fields": { - "language": "C Shell", - "color": "#5B2C6F" - } + "model": "dojo.language_type", + "pk": 139, + "fields": { + "language": "PHP", + "color": "#FF69B4" + } }, { - "model": "dojo.language_type", - "pk": 26, - "fields": { - "language": "C#", - "color": "#4A235A" - } + "model": "dojo.language_type", + "pk": 140, + "fields": { + "language": "PHP/Pascal", + "color": "#FFB6C1" + } }, { - "model": "dojo.language_type", - "pk": 27, - "fields": { - 
"language": "C++", - "color": "#F4ECF7" - } + "model": "dojo.language_type", + "pk": 141, + "fields": { + "language": "PL/I", + "color": "#FFC0CB" + } }, { - "model": "dojo.language_type", - "pk": 28, - "fields": { - "language": "C/C++ Header", - "color": "#E8DAEF" - } + "model": "dojo.language_type", + "pk": 143, + "fields": { + "language": "PL/M", + "color": "#4B0082" + } }, { - "model": "dojo.language_type", - "pk": 29, - "fields": { - "language": "CCS", - "color": "#D2B4DE" - } + "model": "dojo.language_type", + "pk": 144, + "fields": { + "language": "PowerBuilder", + "color": "#800080" + } }, { - "model": "dojo.language_type", - "pk": 30, - "fields": { - "language": "Chapel", - "color": "#BB8FCE" - } + "model": "dojo.language_type", + "pk": 145, + "fields": { + "language": "PowerShell", + "color": "#8B008B" + } }, { - "model": "dojo.language_type", - "pk": 31, - "fields": { - "language": "Clean", - "color": "#8E44AD" - } + "model": "dojo.language_type", + "pk": 146, + "fields": { + "language": "ProGuard", + "color": "#9932CC" + } }, { - "model": "dojo.language_type", - "pk": 32, - "fields": { - "language": "Clojure", - "color": "#7D3C98" - } + "model": "dojo.language_type", + "pk": 147, + "fields": { + "language": "Prolog", + "color": "#9400D3" + } }, { - "model": "dojo.language_type", - "pk": 33, - "fields": { - "language": "ClojureC", - "color": "#7D3C98" - } + "model": "dojo.language_type", + "pk": 148, + "fields": { + "language": "Protocol Buffers", + "color": "#8A2BE2" + } }, { - "model": "dojo.language_type", - "pk": 34, - "fields": { - "language": "ClojureScript", - "color": "#5B2C6F" - } + "model": "dojo.language_type", + "pk": 149, + "fields": { + "language": "Pug", + "color": "#9370DB" + } }, { - "model": "dojo.language_type", - "pk": 35, - "fields": { - "language": "CMake", - "color": "#4A235A" - } + "model": "dojo.language_type", + "pk": 150, + "fields": { + "language": "PureScript", + "color": "#BA55D3" + } }, { - "model": "dojo.language_type", - 
"pk": 36, - "fields": { - "language": "COBOL", - "color": "#EAF2F8" - } + "model": "dojo.language_type", + "pk": 151, + "fields": { + "language": "QML", + "color": "#FF00FF" + } }, { - "model": "dojo.language_type", - "pk": 37, - "fields": { - "language": "CoffeeScript", - "color": "#D4E6F1" - } + "model": "dojo.language_type", + "pk": 152, + "fields": { + "language": "Qt", + "color": "#FF00FF" + } }, { - "model": "dojo.language_type", - "pk": 38, - "fields": { - "language": "ColdFusion", - "color": "#D6EAF8" - } + "model": "dojo.language_type", + "pk": 153, + "fields": { + "language": "Qt Linguist", + "color": "#DA70D6" + } }, { - "model": "dojo.language_type", - "pk": 39, - "fields": { - "language": "ColdFusion CFScript", - "color": "#A9CCE3" - } + "model": "dojo.language_type", + "pk": 154, + "fields": { + "language": "Qt Project", + "color": "#EE82EE" + } }, { - "model": "dojo.language_type", - "pk": 40, - "fields": { - "language": "Coq", - "color": "#7FB3D5" - } + "model": "dojo.language_type", + "pk": 155, + "fields": { + "language": "R", + "color": "#DDA0DD" + } }, { - "model": "dojo.language_type", - "pk": 41, - "fields": { - "language": "Crystal", - "color": "#5499C7" - } + "model": "dojo.language_type", + "pk": 156, + "fields": { + "language": "Racket", + "color": "#D8BFD8" + } }, { - "model": "dojo.language_type", - "pk": 42, - "fields": { - "language": "CSON", - "color": "#1A5276" - } + "model": "dojo.language_type", + "pk": 157, + "fields": { + "language": "RAML", + "color": "#E6E6FA" + } }, { - "model": "dojo.language_type", - "pk": 43, - "fields": { - "language": "CSS", - "color": "#EBF5FB" - } + "model": "dojo.language_type", + "pk": 158, + "fields": { + "language": "RapydScript", + "color": "#483D8B" + } }, { - "model": "dojo.language_type", - "pk": 44, - "fields": { - "language": "Cucumber", - "color": "#D4E6F1" - } + "model": "dojo.language_type", + "pk": 159, + "fields": { + "language": "Razor", + "color": "#6A5ACD" + } }, { - "model": 
"dojo.language_type", - "pk": 45, - "fields": { - "language": "CUDA", - "color": "#7FB3D5" - } + "model": "dojo.language_type", + "pk": 160, + "fields": { + "language": "Rexx", + "color": "#7B68EE" + } }, { - "model": "dojo.language_type", - "pk": 46, - "fields": { - "language": "Cython", - "color": "#5499C7" - } + "model": "dojo.language_type", + "pk": 161, + "fields": { + "language": "RobotFramework", + "color": "#191970" + } }, { - "model": "dojo.language_type", - "pk": 47, - "fields": { - "language": "D", - "color": "#2980B9" - } + "model": "dojo.language_type", + "pk": 162, + "fields": { + "language": "Ruby", + "color": "#000080" + } }, { - "model": "dojo.language_type", - "pk": 48, - "fields": { - "language": "DAL", - "color": "#2471A3" - } + "model": "dojo.language_type", + "pk": 163, + "fields": { + "language": "Ruby HTML", + "color": "#00008B" + } }, { - "model": "dojo.language_type", - "pk": 49, - "fields": { - "language": "Dart", - "color": "#1A5276" - } + "model": "dojo.language_type", + "pk": 164, + "fields": { + "language": "Rust", + "color": "#0000CD" + } }, { - "model": "dojo.language_type", - "pk": 50, - "fields": { - "language": "diff", - "color": "#154360" - } + "model": "dojo.language_type", + "pk": 165, + "fields": { + "language": "SAS", + "color": "#0000FF" + } }, { - "model": "dojo.language_type", - "pk": 51, - "fields": { - "language": "DITA", - "color": "#EBF5FB" - } + "model": "dojo.language_type", + "pk": 166, + "fields": { + "language": "Sass", + "color": "#4169E1" + } }, { - "model": "dojo.language_type", - "pk": 52, - "fields": { - "language": "DOS Batch", - "color": "#AED6F1" - } + "model": "dojo.language_type", + "pk": 167, + "fields": { + "language": "Scala", + "color": "#4682B4" + } }, { - "model": "dojo.language_type", - "pk": 53, - "fields": { - "language": "Drools", - "color": "#85C1E9" - } + "model": "dojo.language_type", + "pk": 168, + "fields": { + "language": "Scheme", + "color": "#6495ED" + } }, { - "model": 
"dojo.language_type", - "pk": 54, - "fields": { - "language": "DTD", - "color": "#5DADE2" - } + "model": "dojo.language_type", + "pk": 169, + "fields": { + "language": "sed", + "color": "#1E90FF" + } }, { - "model": "dojo.language_type", - "pk": 55, - "fields": { - "language": "dtrace", - "color": "#2980B9" - } + "model": "dojo.language_type", + "pk": 170, + "fields": { + "language": "SKILL", + "color": "#B0C4DE" + } }, { - "model": "dojo.language_type", - "pk": 56, - "fields": { - "language": "ECPP", - "color": "#2471A3" - } + "model": "dojo.language_type", + "pk": 171, + "fields": { + "language": "SKILL++", + "color": "#00BFFF" + } }, { - "model": "dojo.language_type", - "pk": 57, - "fields": { - "language": "EEx", - "color": "#1F618D" - } + "model": "dojo.language_type", + "pk": 172, + "fields": { + "language": "Skylark", + "color": "#87CEEB" + } }, { - "model": "dojo.language_type", - "pk": 58, - "fields": { - "language": "Elixir", - "color": "#154360" - } + "model": "dojo.language_type", + "pk": 173, + "fields": { + "language": "Slice", + "color": "#87CEFA" + } }, { - "model": "dojo.language_type", - "pk": 59, - "fields": { - "language": "Elm", - "color": "#EBF5FB" - } + "model": "dojo.language_type", + "pk": 174, + "fields": { + "language": "Slim", + "color": "#ADD8E6" + } }, { - "model": "dojo.language_type", - "pk": 60, - "fields": { - "language": "ERB", - "color": "#D6EAF8" - } + "model": "dojo.language_type", + "pk": 175, + "fields": { + "language": "Smalltalk", + "color": "#B0E0E6" + } }, { - "model": "dojo.language_type", - "pk": 61, - "fields": { - "language": "Erlang", - "color": "#AED6F1" - } + "model": "dojo.language_type", + "pk": 176, + "fields": { + "language": "Smarty", + "color": "#008080" + } }, { - "model": "dojo.language_type", - "pk": 62, - "fields": { - "language": "Expect", - "color": "#85C1E9" - } + "model": "dojo.language_type", + "pk": 177, + "fields": { + "language": "Softbridge Basic", + "color": "#008B8B" + } }, { - "model": 
"dojo.language_type", - "pk": 63, - "fields": { - "language": "F#", - "color": "#5DADE2" - } + "model": "dojo.language_type", + "pk": 179, + "fields": { + "language": "Solidity", + "color": "#5F9EA0" + } }, { - "model": "dojo.language_type", - "pk": 64, - "fields": { - "language": "F# Script", - "color": "#3498DB" - } + "model": "dojo.language_type", + "pk": 180, + "fields": { + "language": "Specman e", + "color": "#20B2AA" + } }, { - "model": "dojo.language_type", - "pk": 65, - "fields": { - "language": "Fish Shell", - "color": "#2E86C1" - } + "model": "dojo.language_type", + "pk": 181, + "fields": { + "language": "SQL", + "color": "#00CED1" + } }, { - "model": "dojo.language_type", - "pk": 66, - "fields": { - "language": "Focus", - "color": "#2874A6" - } + "model": "dojo.language_type", + "pk": 182, + "fields": { + "language": "SQL Data", + "color": "#48D1CC" + } }, { - "model": "dojo.language_type", - "pk": 67, - "fields": { - "language": "Forth", - "color": "#1B4F72" - } + "model": "dojo.language_type", + "pk": 183, + "fields": { + "language": "SQL Stored Procedure", + "color": "#40E0D0" + } }, { - "model": "dojo.language_type", - "pk": 68, - "fields": { - "language": "Fortran 77", - "color": "#E8F8F5" - } + "model": "dojo.language_type", + "pk": 184, + "fields": { + "language": "Standard ML", + "color": "#AFEEEE" + } }, { - "model": "dojo.language_type", - "pk": 69, - "fields": { - "language": "Fortran 90", - "color": "#D1F2EB" - } + "model": "dojo.language_type", + "pk": 185, + "fields": { + "language": "Stata", + "color": "#66CDAA" + } }, { - "model": "dojo.language_type", - "pk": 70, - "fields": { - "language": "Freemarker Template", - "color": "#" - } + "model": "dojo.language_type", + "pk": 186, + "fields": { + "language": "Stylus", + "color": "#7FFFD4" + } }, { - "model": "dojo.language_type", - "pk": 71, - "fields": { - "language": "GDScript", - "color": "#A3E4D7" - } + "model": "dojo.language_type", + "pk": 187, + "fields": { + "language": "Swift", + 
"color": "#00FFFF" + } }, { - "model": "dojo.language_type", - "pk": 72, - "fields": { - "language": "Gencat NLS", - "color": "#76D7C4" - } + "model": "dojo.language_type", + "pk": 188, + "fields": { + "language": "SWIG", + "color": "#00FFFF" + } }, { - "model": "dojo.language_type", - "pk": 73, - "fields": { - "language": "Glade", - "color": "#48C9B0" - } + "model": "dojo.language_type", + "pk": 189, + "fields": { + "language": "Tcl/Tk", + "color": "#E0FFFF" + } }, { - "model": "dojo.language_type", - "pk": 74, - "fields": { - "language": "GLSL", - "color": "#1ABC9C" - } + "model": "dojo.language_type", + "pk": 190, + "fields": { + "language": "Teamcenter met", + "color": "#6B8E23" + } }, { - "model": "dojo.language_type", - "pk": 75, - "fields": { - "language": "Go", - "color": "#17A589" - } + "model": "dojo.language_type", + "pk": 191, + "fields": { + "language": "Teamcenter mth", + "color": "#556B2F" + } }, { - "model": "dojo.language_type", - "pk": 76, - "fields": { - "language": "Grails", - "color": "#148F77" - } + "model": "dojo.language_type", + "pk": 192, + "fields": { + "language": "TeX", + "color": "#808000" + } }, { - "model": "dojo.language_type", - "pk": 77, - "fields": { - "language": "GraphQL", - "color": "#117864" - } + "model": "dojo.language_type", + "pk": 193, + "fields": { + "language": "TITAN Project File Information", + "color": "#2E8B57" + } }, { - "model": "dojo.language_type", - "pk": 78, - "fields": { - "language": "Groovy", - "color": "#0E6251" - } + "model": "dojo.language_type", + "pk": 194, + "fields": { + "language": "Titanium Style Sheet", + "color": "#3CB371" + } }, { - "model": "dojo.language_type", - "pk": 79, - "fields": { - "language": "Haml", - "color": "#E8F6F3" - } + "model": "dojo.language_type", + "pk": 195, + "fields": { + "language": "TOML", + "color": "#8FBC8F" + } }, { - "model": "dojo.language_type", - "pk": 80, - "fields": { - "language": "Handlebars", - "color": "#A3E4D7" - } + "model": "dojo.language_type", + "pk": 
196, + "fields": { + "language": "TTCN", + "color": "#00FA9A" + } }, { - "model": "dojo.language_type", - "pk": 81, - "fields": { - "language": "Harbour", - "color": "#76D7C4" - } + "model": "dojo.language_type", + "pk": 197, + "fields": { + "language": "Twig", + "color": "#006400" + } }, { - "model": "dojo.language_type", - "pk": 82, - "fields": { - "language": "Haskell", - "color": "#48C9B0" - } + "model": "dojo.language_type", + "pk": 198, + "fields": { + "language": "TypeScript", + "color": "#228B22" + } }, { - "model": "dojo.language_type", - "pk": 83, - "fields": { - "language": "Haxe", - "color": "#1ABC9C" - } + "model": "dojo.language_type", + "pk": 199, + "fields": { + "language": "Unity-Prefab", + "color": "#00FF00" + } }, { - "model": "dojo.language_type", - "pk": 84, - "fields": { - "language": "HCL", - "color": "#17A589" - } + "model": "dojo.language_type", + "pk": 200, + "fields": { + "language": "Vala", + "color": "#32CD32" + } }, { - "model": "dojo.language_type", - "pk": 85, - "fields": { - "language": "HLSL", - "color": "#148F77" - } + "model": "dojo.language_type", + "pk": 201, + "fields": { + "language": "Vala Header", + "color": "#FFFF00" + } }, { - "model": "dojo.language_type", - "pk": 86, - "fields": { - "language": "HTML", - "color": "#117864" - } + "model": "dojo.language_type", + "pk": 202, + "fields": { + "language": "Velocity Template Language", + "color": "#BDB76B" + } }, { - "model": "dojo.language_type", - "pk": 87, - "fields": { - "language": "IDL", - "color": "#0E6251" - } + "model": "dojo.language_type", + "pk": 203, + "fields": { + "language": "Verilog-SystemVerilog", + "color": "#F0E68C" + } }, { - "model": "dojo.language_type", - "pk": 88, - "fields": { - "language": "Idris", - "color": "#0B5345" - } + "model": "dojo.language_type", + "pk": 204, + "fields": { + "language": "VHDL", + "color": "#EEE8AA" + } }, { - "model": "dojo.language_type", - "pk": 89, - "fields": { - "language": "InstallShield", - "color": "#D4EFDF" - } + 
"model": "dojo.language_type", + "pk": 205, + "fields": { + "language": "vim script", + "color": "#FFDAB9" + } }, { - "model": "dojo.language_type", - "pk": 90, - "fields": { - "language": "Java", - "color": "#A9DFBF" - } + "model": "dojo.language_type", + "pk": 206, + "fields": { + "language": "Visual Basic", + "color": "#FFE4B5" + } }, { - "model": "dojo.language_type", - "pk": 91, - "fields": { - "language": "JavaScript", - "color": "#7DCEA0" - } + "model": "dojo.language_type", + "pk": 207, + "fields": { + "language": "Visual Fox Pro", + "color": "#FFEFD5" + } }, { - "model": "dojo.language_type", - "pk": 92, - "fields": { - "language": "JavaServer Faces", - "color": "#52BE80" - } + "model": "dojo.language_type", + "pk": 208, + "fields": { + "language": "Visualforce Component", + "color": "#FAFAD2" + } }, { - "model": "dojo.language_type", - "pk": 93, - "fields": { - "language": "JCL", - "color": "#27AE60" - } + "model": "dojo.language_type", + "pk": 209, + "fields": { + "language": "Visualforce Page", + "color": "#FFFACD" + } }, { - "model": "dojo.language_type", - "pk": 94, - "fields": { - "language": "JSON", - "color": "#229954" - } + "model": "dojo.language_type", + "pk": 210, + "fields": { + "language": "Vuejs Component", + "color": "#FFFFE0" + } }, { - "model": "dojo.language_type", - "pk": 95, - "fields": { - "language": "JSP", - "color": "#1E8449" - } + "model": "dojo.language_type", + "pk": 211, + "fields": { + "language": "Windows Message File", + "color": "#FF8C00" + } }, { - "model": "dojo.language_type", - "pk": 97, - "fields": { - "language": "JSX", - "color": "#196F3D" - } + "model": "dojo.language_type", + "pk": 212, + "fields": { + "language": "Windows Module Definition", + "color": "#FFA500" + } }, { - "model": "dojo.language_type", - "pk": 98, - "fields": { - "language": "Julia", - "color": "#0B5345" - } + "model": "dojo.language_type", + "pk": 213, + "fields": { + "language": "Windows Resource File", + "color": "#FFD700" + } }, { - "model": 
"dojo.language_type", - "pk": 99, - "fields": { - "language": "Kermit", - "color": "#800000" - } + "model": "dojo.language_type", + "pk": 214, + "fields": { + "language": "WiX include", + "color": "#FF4500" + } }, { - "model": "dojo.language_type", - "pk": 100, - "fields": { - "language": "Korn Shell", - "color": "#A52A2A" - } + "model": "dojo.language_type", + "pk": 215, + "fields": { + "language": "WiX source", + "color": "#FF6347" + } }, { - "model": "dojo.language_type", - "pk": 101, - "fields": { - "language": "Kotlin", - "color": "#A0522D" - } + "model": "dojo.language_type", + "pk": 216, + "fields": { + "language": "WiX string localization", + "color": "#FF7F50" + } }, { - "model": "dojo.language_type", - "pk": 102, - "fields": { - "language": "Lean", - "color": "#8B4513" - } + "model": "dojo.language_type", + "pk": 217, + "fields": { + "language": "XAML", + "color": "#8B0000" + } +}, +{ + "model": "dojo.language_type", + "pk": 218, + "fields": { + "language": "xBase", + "color": "#FF0000" + } +}, +{ + "model": "dojo.language_type", + "pk": 219, + "fields": { + "language": "xBase Header", + "color": "#B22222" + } +}, +{ + "model": "dojo.language_type", + "pk": 220, + "fields": { + "language": "XHTML", + "color": "#DC143C" + } +}, +{ + "model": "dojo.language_type", + "pk": 221, + "fields": { + "language": "XMI", + "color": "#CD5C5C" + } +}, +{ + "model": "dojo.language_type", + "pk": 222, + "fields": { + "language": "XML", + "color": "#F08080" + } +}, +{ + "model": "dojo.language_type", + "pk": 223, + "fields": { + "language": "XQuery", + "color": "#E9967A" + } +}, +{ + "model": "dojo.language_type", + "pk": 224, + "fields": { + "language": "XSD", + "color": "#FA8072" + } +}, +{ + "model": "dojo.language_type", + "pk": 225, + "fields": { + "language": "XSLT", + "color": "#FFA07A" + } +}, +{ + "model": "dojo.language_type", + "pk": 226, + "fields": { + "language": "yacc", + "color": "#f0ffff" + } +}, +{ + "model": "dojo.language_type", + "pk": 227, + 
"fields": { + "language": "YAML", + "color": "#c1cdcd" + } +}, +{ + "model": "dojo.language_type", + "pk": 228, + "fields": { + "language": "zsh", + "color": "#8b7d6b" + } +}, +{ + "model": "dojo.languages", + "pk": 1, + "fields": { + "language": 90, + "product": 1, + "user": [ + "admin" + ], + "files": 500, + "blank": 100, + "comment": 199, + "code": 15000, + "created": "2021-11-04T09:00:09.802Z" + } +}, +{ + "model": "dojo.languages", + "pk": 2, + "fields": { + "language": 2, + "product": 1, + "user": [ + "admin" + ], + "files": 1, + "blank": 2, + "comment": 2, + "code": 200, + "created": "2021-11-04T09:01:32.568Z" + } +}, +{ + "model": "dojo.languages", + "pk": 3, + "fields": { + "language": 91, + "product": 1, + "user": [ + "admin" + ], + "files": 15, + "blank": 9, + "comment": 10, + "code": 800, + "created": "2021-11-04T09:01:32.581Z" + } +}, +{ + "model": "dojo.languages", + "pk": 4, + "fields": { + "language": 222, + "product": 1, + "user": [ + "admin" + ], + "files": 10, + "blank": 1, + "comment": 8, + "code": 200, + "created": "2021-11-04T09:13:05.769Z" + } +}, +{ + "model": "dojo.app_analysis", + "pk": 1, + "fields": { + "product": 1, + "name": "Tomcat", + "user": [ + "admin" + ], + "confidence": 100, + "version": "8.5.1", + "icon": null, + "website": null, + "website_found": null, + "created": "2021-11-04T09:20:33.477Z", + "tags": [] + } +}, +{ + "model": "dojo.objects_review", + "pk": 1, + "fields": { + "name": "Untracked", + "created": "2021-06-04T07:43:45.626Z" + } +}, +{ + "model": "dojo.objects_review", + "pk": 2, + "fields": { + "name": "Manual Code Review Required", + "created": "2021-06-05T06:44:08.110Z" + } +}, +{ + "model": "dojo.objects_review", + "pk": 3, + "fields": { + "name": "Manual Code Review and Create Test", + "created": "2021-06-08T13:12:41.078Z" + } +}, +{ + "model": "dojo.benchmark_type", + "pk": 1, + "fields": { + "name": "OWASP ASVS", + "version": "v. 
3.1", + "benchmark_source": "OWASP ASVS", + "created": "2021-06-22T12:28:05.635Z", + "updated": "2021-06-22T12:32:16.088Z", + "enabled": true + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 1, + "fields": { + "type": 1, + "name": "V7: Cryptography Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That all cryptographic modules fail in a secure manner and that errors are handled correctly.\r\n* That a suitable random number generator is used when randomness is required.\r\n* That access to keys is managed in a secure way.", + "references": "* [OWASP Testing Guide 4.0: Testing for weak Cryptography](https://www.owasp.org/index.php/Testing_for_weak_Cryptography)\r\n* [OWASP Cheat Sheet: Cryptographic Storage](https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-22T12:32:50.575Z", + "updated": "2021-06-22T12:32:50.575Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 2, + "fields": { + "type": 1, + "name": "V2: Authentication Verification Requirements", + "objective": "Authentication is the act of establishing, or confirming, something (or someone) as authentic, that is, that claims made by or about the thing are true. Ensure that a verified application satisfies the following high level requirements:\r\n\r\nVerifies the digital identity of the sender of a communication. 
Ensures that only those authorised are able to authenticate and credentials are transported in a secure manner.", + "references": "* https://www.owasp.org/index.php/Testing_for_authentication\r\n* https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Choosing_and_Using_Security_Questions_Cheat_Sheet", + "enabled": true, + "created": "2021-06-28T12:34:11.372Z", + "updated": "2021-06-28T12:34:11.372Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 3, + "fields": { + "type": 1, + "name": "V1: Architecture, Design and Threat Modeling Requirements", + "objective": "In a perfect world, security would be considered throughout all phases of development. In reality however, security is often only a consideration at a late stage in the SDLC. Besides the technical controls, the ASVS requires processes to be in place that ensure that the security has been explicitly addressed when planning the architecture of the application or API, and that the functional and security roles of all components are known. Since single page applications and act as clients to remote API or services, it must be ensured that appropriate security standards are also applied to those services - testing the app in isolation is not sufficient.\r\n\r\nThe category lists requirements pertaining to architecture and design of the app. As such, this is the only category that does not map to technical test cases in the OWASP Testing Guide. 
To cover topics such as threat modelling, secure SDLC, key management, users of the ASVS should consult the respective OWASP projects and/or other standards such as the ones linked below.", + "references": "* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Threat_Modeling\r\n* https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet\r\n* https://www.microsoft.com/en-us/sdl/\r\n* http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf", + "enabled": true, + "created": "2021-06-29T09:43:01.380Z", + "updated": "2021-06-29T09:43:01.380Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 4, + "fields": { + "type": 1, + "name": "V3: Session Management Verification Requirements", + "objective": "One of the core components of any web-based application is the mechanism by which it controls and maintains the state for a user interacting with it. 
This is referred to this as Session Management and is defined as the set of all controls governing state-full interaction between a user and the web-based application.\r\n\r\nEnsure that a verified application satisfies the following high level session management requirements:\r\n\r\n* Sessions are unique to each individual and cannot be guessed or shared\r\n* Sessions are invalidated when no longer required and timed out during periods of inactivity.", + "references": "* https://www.owasp.org/index.php/Testing_for_Session_Management\r\n* https://www.owasp.org/index.php/Session_Management_Cheat_Sheet", + "enabled": true, + "created": "2021-06-29T09:46:43.544Z", + "updated": "2021-06-29T09:46:43.544Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 5, + "fields": { + "type": 1, + "name": "V4: Access Control Verification Requirements", + "objective": "Authorization is the concept of allowing access to resources only to those permitted to use them. Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Persons accessing resources holds valid credentials to do so.\r\n* Users are associated with a well-defined set of roles and privileges.\r\n* Role and permission metadata is protected from replay or tampering.", + "references": "* [OWASP Testing Guide 4.0: Authorization](https://www.owasp.org/index.php/Testing_for_Authorization)\r\n* [OWASP Cheat Sheet: Access Control](https://www.owasp.org/index.php/Access_Control_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T11:08:56.925Z", + "updated": "2021-06-29T11:08:56.925Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 6, + "fields": { + "type": 1, + "name": "V5: Input Validation and Output Encoding Verification Requirements", + "objective": "The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. 
This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.\r\n\r\nEnsure that a verified application satisfies the following high level requirements:\r\n\r\n* All input is validated to be correct and fit for the intended purpose.\r\n* Data from an external entity or client should never be trusted and should be handled accordingly.", + "references": "* [OWASP Testing Guide 4.0: Input Validation Testing](https://www.owasp.org/index.php/Testing_for_Input_Validation)\r\n* [OWASP Cheat Sheet: Input Validation](https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Testing for HTTP Parameter Pollution](https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OTG-INPVAL-004%29)\r\n* [OWASP LDAP Injection Cheat Sheet ](https://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Client Side Testing ](https://www.owasp.org/index.php/Client_Side_Testing)\r\n* [OWASP Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet)\r\n* [OWASP DOM Based Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet)\r\n* [OWASP Java Encoding Project](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project)\r\n\r\nFor more information on auto-escaping, please see:\r\n\r\n* [Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems](http://googleonlinesecurity.blogspot.com/2009/03/reducing-xss-by-way-of-automatic.html)\r\n* [AngularJS Strict Contextual Escaping](https://docs.angularjs.org/api/ng/service/$sce)\r\n* [ReactJS Escaping](https://reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks)\r\n* [Improperly Controlled Modification of Dynamically-Determined Object 
Attributes](https://cwe.mitre.org/data/definitions/915.html)", + "enabled": true, + "created": "2021-06-29T11:18:52.073Z", + "updated": "2021-06-29T11:18:52.073Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 7, + "fields": { + "type": 1, + "name": "V8: Error Handling and Logging Verification Requirements", + "objective": "The primary objective of error handling and logging is to provide a useful reaction by the user, administrators, and incident response teams. The objective is not to create massive amounts of logs, but high quality logs, with more signal than discarded noise.\r\n\r\nHigh quality logs will often contain sensitive data, and must be protected as per local data privacy laws or directives. This should include:\r\n\r\n* Not collecting or logging sensitive information if not specifically required.\r\n* Ensuring all logged information is handled securely and protected as per its data classification.\r\n* Ensuring that logs are not forever, but have an absolute lifetime that is as short as possible.\r\n\r\nIf logs contain private or sensitive data, the definition of which varies from country to country, the logs become some of the most sensitive information held by the application and thus very attractive to attackers in their own right.", + "references": "* [OWASP Testing Guide 4.0 content: Testing for Error Handling](https://www.owasp.org/index.php/Testing_for_Error_Handling)", + "enabled": true, + "created": "2021-06-29T11:35:35.432Z", + "updated": "2021-06-29T11:35:35.432Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 8, + "fields": { + "type": 1, + "name": "V9: Data Protection Verification Requirements", + "objective": "There are three key elements to sound data protection: Confidentiality, Integrity and Availability (CIA). 
This standard assumes that data protection is enforced on a trusted system, such as a server, which has been hardened and has sufficient protections.\r\n\r\nApplications have to assume that all user devices are compromised in some way. Where an application transmits or stores sensitive information on insecure devices, such as shared computers, phones and tablets, the application is responsible for ensuring data stored on these devices is encrypted and cannot be easily illicitly obtained, altered or disclosed.\r\n\r\nEnsure that a verified application satisfies the following high level data protection requirements:\r\n\r\n*\tConfidentiality: Data should be protected from unauthorised observation or disclosure both in transit and when stored.\r\n*\tIntegrity: Data should be protected being maliciously created, altered or deleted by unauthorized attackers.\r\n*\tAvailability: Data should be available to authorized users as required", + "references": "* [Consider using Security Headers website to check security and anti-caching headers](https://securityheaders.io)\r\n* [OWASP Secure Headers project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)\r\n* [User Privacy Protection Cheat Sheet](https://www.owasp.org/index.php/User_Privacy_Protection_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T12:24:47.748Z", + "updated": "2021-06-29T12:24:47.748Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 9, + "fields": { + "type": 1, + "name": "V10: Communications Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That TLS is used where sensitive data is transmitted.\r\n* That strong algorithms and ciphers are used at all times.", + "references": "* [OWASP TLS Cheat Sheet. ](https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet)\r\n* [Notes on Approved modes of TLS. 
In the past, the ASVS referred to the US standard FIPS 140-2, but as a global standard, applying US standards this can be difficult, contradictory, or confusing to apply. A better method of achieving compliance with 10.8 would be to review guides such as (https://wiki.mozilla.org/Security/Server_Side_TLS), generate known good configurations (https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known TLS evaluation tools, such as sslyze, various vulnerability scanners or trusted TLS online assessment services to obtain a desired level of security. In general, we see non-compliance for this section being the use of outdated or insecure ciphers and algorithms, the lack of perfect forward secrecy, outdated or insecure SSL protocols, weak preferred ciphers, and so on.]\r\n* [Certificate pinning. For more information please review ](https://tools.ietf.org/html/rfc7469.)The rationale behind certificate pinning for production and backup keys is business continuity - see (https://noncombatant.org/2015/05/01/about-http-public-key-pinning/)\r\n* [OWASP Certificate Pinning Cheat Sheet](https://www.owasp.org/index.php/Pinning_Cheat_Sheet)\r\n* [OWASP Certificate and Public Key Pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning)\r\n* [Time of first use (TOFU) Pinning](https://developer.mozilla.org/en/docs/Web/Security/Public_Key_Pinning)\r\n* [Pre-loading HTTP Strict Transport Security](https://www.chromium.org/hsts)", + "enabled": true, + "created": "2021-06-29T17:57:07.587Z", + "updated": "2021-06-29T17:57:07.587Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 10, + "fields": { + "type": 1, + "name": "V13: Malicious Code Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Malicious activity is handled securely and properly as to not affect the rest of the application.\r\n* Do not have time bombs or other time based attacks built into 
them\r\n* Do not phone home to malicious or unauthorized destinations\r\n* Applications do not have back doors, Easter eggs, salami attacks, or logic flaws that can be controlled by an attacker\r\n\r\nMalicious code is extremely rare, and is difficult to detect. Manual line by line code review can assist looking for logic bombs, but even the most experienced code reviewer will struggle to find malicious code even if they know it exists. This section is not possible to complete without access to source code, including as many third party libraries as possible.", + "references": "", + "enabled": true, + "created": "2021-06-29T18:11:08.320Z", + "updated": "2021-06-29T18:11:08.320Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 11, + "fields": { + "type": 1, + "name": "V15: Business Logic Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* The business logic flow is sequential and in order\r\n* Business logic includes limits to detect and prevent automated attacks, such as continuous small funds transfers, or adding a million friends one at a time, and so on.\r\n* High value business logic flows have considered abuse cases and malicious actors, and have protections against spoofing, tampering, repudiation, information disclosure, and elevation of privilege attacks.", + "references": "* [OWASP Testing Guide 4.0: Business Logic Testing ](https://www.owasp.org/index.php/Testing_for_business_logic)\r\n* [OWASP Cheat Sheet](https://www.owasp.org/index.php/Business_Logic_Security_Cheat_Sheet)", + "enabled": true, + "created": "2021-06-29T18:13:46.162Z", + "updated": "2021-06-29T18:13:46.162Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 12, + "fields": { + "type": 1, + "name": "V16: File and Resources Verification Requirements", + "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Untrusted file data should be 
handled accordingly and in a secure manner\r\n* Obtained from untrusted sources are stored outside the webroot and limited permissions.", + "references": "", + "enabled": true, + "created": "2021-06-29T18:23:02.384Z", + "updated": "2021-06-29T18:23:02.384Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 13, + "fields": { + "type": 1, + "name": "V18: API and Web Service Verification Requirements", + "objective": "Ensure that a verified application that uses RESTful or SOAP based web services has:\r\n\r\n* Adequate authentication, session management and authorization of all web services\r\n* Input validation of all parameters that transit from a lower to higher trust level\r\n* Basic interoperability of SOAP web services layer to promote API use", + "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)\r\n* [OWASP Cross-Site Request Forgery cheat sheet](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet)\r\n* [JSON Web Tokens (and Signing)](https://jwt.io/)", + "enabled": true, + "created": "2021-06-29T18:35:16.622Z", + "updated": "2021-06-29T18:35:16.622Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 14, + "fields": { + "type": 1, + "name": "V19: Configuration Verification Requirements", + "objective": "* Up to date libraries and platform(s).\r\n* A secure by default configuration.\r\n* Sufficient hardening that user initiated changes to default configuration do not unnecessarily expose or create security weaknesses or flaws to underlying systems.", + "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)", + "enabled": true, + "created": "2021-06-29T18:35:55.518Z", + "updated": "2021-06-29T18:35:55.518Z" + } +}, +{ + "model": "dojo.benchmark_category", + "pk": 15, + "fields": { + "type": 1, + 
"name": "V20: Internet of Things Verification Requirements", + "objective": "Embedded/IoT devices should:\r\n\r\n* Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.\r\n* Sensitive data stored on the device should be done so in a secure manner.\r\n* All sensitive data transmitted from the device should utilize transport layer security.", + "references": "* [OWASP Internet of Things Top 10](https://www.owasp.org/files/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf)\r\n* [OWASP Internet of Things Project](https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project)\r\n* [Trudy TCP Proxy Tool](https://github.com/praetorian-inc/trudy)", + "enabled": true, + "created": "2021-06-29T18:36:37.446Z", + "updated": "2021-06-29T18:36:37.446Z" + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 1, + "fields": { + "category": 1, + "objective_number": "7.2", + "objective": "Verify that all cryptographic modules fail securely, and errors are handled in a way that does not enable Padding Oracle.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-22T12:37:28.273Z", + "updated": "2021-06-22T12:37:28.273Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 2, + "fields": { + "category": 1, + "objective_number": "7.6", + "objective": "Verify that all random numbers, random file names, random GUIDs, and random strings are generated using the cryptographic modules approved random number generator when these random values are intended to be not guessable by an attacker.\",", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-23T08:40:34.631Z", + "updated": "2021-06-23T08:40:34.631Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 3, + "fields": { + 
"category": 1, + "objective_number": "7.7", + "objective": "Verify that cryptographic algorithms used by the application have been validated against FIPS 140-2 or an equivalent standard.", + "references": "", + "level_1": true, + "level_2": false, + "level_3": false, + "enabled": true, + "created": "2021-06-23T12:55:37.713Z", + "updated": "2021-06-23T12:55:37.713Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 4, + "fields": { + "category": 2, + "objective_number": "2.1", + "objective": "Verify all pages and resources are protected by server-side authentication, except those specifically intended to be public.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-28T13:07:20.805Z", + "updated": "2021-06-28T13:07:20.805Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 5, + "fields": { + "category": 3, + "objective_number": "1.1", + "objective": "All app components are identified and known to be needed.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:51:05.383Z", + "updated": "2021-06-29T09:51:05.383Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 6, + "fields": { + "category": 3, + "objective_number": "1.2", + "objective": "Security controls are never enforced only on the client side, but on the respective remote endpoints.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:09.763Z", + "updated": "2021-06-29T09:52:09.763Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 7, + "fields": { + "category": 3, + "objective_number": "1.3", + "objective": "A high-level architecture for the application and all connected remote 
services has been defined and security has been addressed in that architecture.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:27.454Z", + "updated": "2021-06-29T09:52:27.454Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 8, + "fields": { + "category": 3, + "objective_number": "1.4", + "objective": "Data considered sensitive in the context of the application is clearly identified.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:52:59.300Z", + "updated": "2021-06-29T09:52:59.300Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 9, + "fields": { + "category": 3, + "objective_number": "1.5", + "objective": "All app components are defined in terms of the business functions and/or security functions they provide.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:53:42.466Z", + "updated": "2021-06-29T09:53:42.466Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 11, + "fields": { + "category": 3, + "objective_number": "1.6", + "objective": "A threat model for the application and the associated remote services has been produced that identifies potential threats and countermeasures.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:54:29.724Z", + "updated": "2021-06-29T09:54:29.724Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 12, + "fields": { + "category": 3, + "objective_number": "1.7", + "objective": "All security controls have a centralized implementation.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": 
true, + "enabled": true, + "created": "2021-06-29T09:54:45.671Z", + "updated": "2021-06-29T09:54:45.671Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 13, + "fields": { + "category": 3, + "objective_number": "1.8", + "objective": "Components are segregated from each other via a defined security control, such as network segmentation, firewall rules, or cloud based security group", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:55:21.677Z", + "updated": "2021-06-29T09:55:21.677Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 14, + "fields": { + "category": 3, + "objective_number": "1.9", + "objective": "A mechanism for enforcing updates of the application exists.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:55:36.823Z", + "updated": "2021-06-29T09:55:36.823Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 15, + "fields": { + "category": 3, + "objective_number": "1.10", + "objective": "Security is addressed within all parts of the software development lifecycle.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:56:13.684Z", + "updated": "2021-06-29T09:56:13.684Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 16, + "fields": { + "category": 3, + "objective_number": "1.11", + "objective": "All application components, libraries, modules, frameworks, platform, and operating systems are free from known vulnerabilities", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:56:43.648Z", + "updated": "2021-06-29T09:56:43.648Z", + "cwe_mapping": 
[], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 17, + "fields": { + "category": 3, + "objective_number": "1.12", + "objective": "There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T09:57:12.345Z", + "updated": "2021-06-29T09:57:12.345Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 18, + "fields": { + "category": 2, + "objective_number": "2.2", + "objective": "Verify that the application does not automatically fill in credentials either as hidden fields, URL arguments, Ajax requests, or in forms, as this implies plain text, reversible or de-cryptable password storage. Random time limited nonces are acceptable as stand ins, such as to protect change password forms or forgot password forms.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:47:59.343Z", + "updated": "2021-06-29T10:47:59.343Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 19, + "fields": { + "category": 2, + "objective_number": "2.6", + "objective": "Verify all authentication controls fail securely to ensure attackers cannot log in.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:48:16.224Z", + "updated": "2021-06-29T10:48:16.224Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 20, + "fields": { + "category": 2, + "objective_number": "2.7", + "objective": "Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex 
passwords being entered.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:48:36.593Z", + "updated": "2021-06-29T10:48:36.593Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 21, + "fields": { + "category": 2, + "objective_number": "2.8", + "objective": "Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:04.310Z", + "updated": "2021-06-29T10:49:04.310Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 22, + "fields": { + "category": 2, + "objective_number": "2.9", + "objective": "Verify that the changing password functionality includes the old password, the new password, and a password confirmation.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:21.570Z", + "updated": "2021-06-29T10:49:21.570Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 23, + "fields": { + "category": 2, + "objective_number": "2.12", + "objective": "Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. 
This should include requests with relevant metadata needed for security investigations.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:49:49.215Z", + "updated": "2021-06-29T10:49:49.215Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 24, + "fields": { + "category": 2, + "objective_number": "2.13", + "objective": "Verify that account passwords are one way hashed with a salt, and there is sufficient work factor to defeat brute force and password hash recovery attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:07.859Z", + "updated": "2021-06-29T10:50:07.859Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 25, + "fields": { + "category": 2, + "objective_number": "2.16", + "objective": "Verify that all application data is transmitted over an encrypted channel (e.g. TLS).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:34.637Z", + "updated": "2021-06-29T10:50:34.637Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 26, + "fields": { + "category": 2, + "objective_number": "2.17", + "objective": "Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. 
A one time password reset link should be used instead.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:50:53.445Z", + "updated": "2021-06-29T10:50:53.445Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 27, + "fields": { + "category": 2, + "objective_number": "2.18", + "objective": "Verify that information enumeration is not possible via login, password reset, or forgot account functionality.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:09.766Z", + "updated": "2021-06-29T10:51:09.766Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 28, + "fields": { + "category": 2, + "objective_number": "2.19", + "objective": "Verify there are no default passwords in use for the application framework or any components used by the application (such as admin/password).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:28.174Z", + "updated": "2021-06-29T10:51:28.174Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 29, + "fields": { + "category": 2, + "objective_number": "2.20", + "objective": "Verify that anti-automation is in place to prevent breached credential testing, brute forcing, and account lockout attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:51:47.647Z", + "updated": "2021-06-29T10:51:47.647Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 30, + "fields": { + "category": 2, + "objective_number": "2.21", + "objective": "Verify that all authentication credentials for accessing services external to the application are encrypted 
and stored in a protected location.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:54:32.530Z", + "updated": "2021-06-29T10:54:32.530Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 31, + "fields": { + "category": 2, + "objective_number": "2.22", + "objective": "Verify that forgotten password and other recovery paths use a TOTP or other soft token, mobile push, or other offline recovery mechanism. The use of SMS has been deprecated by NIST and should not be used.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:54:50.186Z", + "updated": "2021-06-29T10:54:50.186Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 32, + "fields": { + "category": 2, + "objective_number": "2.23", + "objective": "Verify that account lockout is divided into soft and hard lock status, and these are not mutually exclusive. 
If an account is temporarily soft locked out due to a brute force attack, this should not reset the hard lock status.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:08.158Z", + "updated": "2021-06-29T10:55:08.158Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 33, + "fields": { + "category": 2, + "objective_number": "2.24", + "objective": "Verify that if secret questions are required, the questions do not violate privacy laws and are sufficiently strong to protect accounts from malicious recovery.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:28.074Z", + "updated": "2021-06-29T10:55:28.074Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 34, + "fields": { + "category": 2, + "objective_number": "2.25", + "objective": "Verify that high value applications can be configured to disallow the use of a configurable number of previous passwords.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:55:48.990Z", + "updated": "2021-06-29T10:55:48.990Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 35, + "fields": { + "category": 2, + "objective_number": "2.26", + "objective": "Verify that sensitive operations (e.g. change password, change email address, add new biller, etc.) require re-authentication (e.g. password or 2FA token). 
This is in addition to CSRF measures, not instead.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:04.324Z", + "updated": "2021-06-29T10:56:04.324Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 36, + "fields": { + "category": 2, + "objective_number": "2.27", + "objective": "Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:22.701Z", + "updated": "2021-06-29T10:56:22.701Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 37, + "fields": { + "category": 2, + "objective_number": "2.28", + "objective": "Verify that all authentication challenges, whether successful or failed, should respond in the same average response time.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:56:44.117Z", + "updated": "2021-06-29T10:56:44.117Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 38, + "fields": { + "category": 2, + "objective_number": "2.29", + "objective": "Verify that secrets, API keys, and passwords are not included in the source code, or online source code repositories.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:00.884Z", + "updated": "2021-06-29T10:57:00.884Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 39, + "fields": { + "category": 2, + "objective_number": "2.31", + "objective": "Verify that users can enrol and use TOTP verification, two-factor, biometric (Touch ID or similar), or equivalent multi-factor authentication 
mechanism that provides protection against single factor credential disclosure.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:20.100Z", + "updated": "2021-06-29T10:57:20.100Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 40, + "fields": { + "category": 2, + "objective_number": "2.32", + "objective": "Verify that access to administrative interfaces are strictly controlled and not accessible to untrusted parties.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:37.083Z", + "updated": "2021-06-29T10:57:37.083Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 41, + "fields": { + "category": 2, + "objective_number": "3.1", + "objective": "Verify that the application is compatible with browser based and third party password managers, unless prohibited by risk based policy.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T10:57:54.657Z", + "updated": "2021-06-29T10:57:54.657Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 42, + "fields": { + "category": 4, + "objective_number": "3.2", + "objective": "Verify that sessions are invalidated when the user logs out.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:03:24.654Z", + "updated": "2021-06-29T11:03:24.654Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 43, + "fields": { + "category": 4, + "objective_number": "3.3", + "objective": "Verify that sessions timeout after a specified period of inactivity.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + 
"enabled": true, + "created": "2021-06-29T11:03:42.209Z", + "updated": "2021-06-29T11:03:42.209Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 44, + "fields": { + "category": 4, + "objective_number": "3.4", + "objective": "Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:05.047Z", + "updated": "2021-06-29T11:04:05.047Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 45, + "fields": { + "category": 4, + "objective_number": "3.5", + "objective": "Verify that all pages that require authentication have easy and visible access to logout functionality.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:26.223Z", + "updated": "2021-06-29T11:04:26.223Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 46, + "fields": { + "category": 4, + "objective_number": "3.6", + "objective": "Test that the session ID is never disclosed in URLs, error messages, or logs. 
This includes verifying that the application does not support URL rewriting of session cookies.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:04:46.281Z", + "updated": "2021-06-29T11:04:46.281Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 47, + "fields": { + "category": 4, + "objective_number": "3.7", + "objective": "Verify that all successful authentication and re-authentication generates a new session and session id.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:07.271Z", + "updated": "2021-06-29T11:05:07.271Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 48, + "fields": { + "category": 4, + "objective_number": "3.10", + "objective": "Verify that only session ids generated by the application framework are recognised as active by the application.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:28.910Z", + "updated": "2021-06-29T11:05:28.910Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 49, + "fields": { + "category": 4, + "objective_number": "3.11", + "objective": "Test session IDs against criteria such as their randomness, uniqueness, resistance to statistical and cryptographic analysis and information leakage.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:05:44.227Z", + "updated": "2021-06-29T11:05:44.227Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 50, + "fields": { + "category": 4, + "objective_number": "3.12", + "objective": "Verify that session IDs stored in cookies are scoped using the 'path' 
attribute; and have the 'HttpOnly' and 'Secure' cookie flags enabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:03.581Z", + "updated": "2021-06-29T11:06:03.581Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 51, + "fields": { + "category": 4, + "objective_number": "3.17", + "objective": "Verify that the application tracks all active sessions. And allows users to terminate sessions selectively or globally from their account.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:26.772Z", + "updated": "2021-06-29T11:06:26.772Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 52, + "fields": { + "category": 4, + "objective_number": "3.18", + "objective": "Verify for high value applications that the user is prompted with the option to terminate all other active sessions after a successful change password process.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:06:53.011Z", + "updated": "2021-06-29T11:06:53.011Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 53, + "fields": { + "category": 5, + "objective_number": "4.1", + "objective": "Verify that the principle of least privilege exists - users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. 
This implies protection against spoofing and elevation of privilege.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:09:31.529Z", + "updated": "2021-06-29T11:09:31.529Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 54, + "fields": { + "category": 5, + "objective_number": "4.4", + "objective": "Verify that access to sensitive records is protected, such that only authorized objects or data is accessible to each user (for example, protect against users tampering with a parameter to see or alter another user's account).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:09:48.249Z", + "updated": "2021-06-29T11:09:48.249Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 55, + "fields": { + "category": 5, + "objective_number": "4.5", + "objective": "Verify that directory browsing is disabled unless deliberately desired. 
Additionally, applications should not allow discovery or disclosure of file or directory metadata, such as Thumbs.db, .DS_Store, .git or .svn folders.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:05.314Z", + "updated": "2021-06-29T11:10:05.314Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 56, + "fields": { + "category": 5, + "objective_number": "4.8", + "objective": "Verify that access controls fail securely.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:23.333Z", + "updated": "2021-06-29T11:10:23.333Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 57, + "fields": { + "category": 5, + "objective_number": "4.9", + "objective": "Verify that the same access control rules implied by the presentation layer are enforced on the server side.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:10:44.662Z", + "updated": "2021-06-29T11:10:44.662Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 58, + "fields": { + "category": 5, + "objective_number": "4.10", + "objective": "Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:09.221Z", + "updated": "2021-06-29T11:11:09.221Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 59, + "fields": { + "category": 5, + "objective_number": "4.11", + "objective": "Verify that there is a centralized mechanism (including libraries that call external 
authorization services) for protecting access to each type of protected resource.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:27.195Z", + "updated": "2021-06-29T11:11:27.195Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 60, + "fields": { + "category": 5, + "objective_number": "4.12", + "objective": "Verify that all access control decisions can be logged and all failed decisions are logged.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:11:42.332Z", + "updated": "2021-06-29T11:11:42.332Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 61, + "fields": { + "category": 5, + "objective_number": "4.13", + "objective": "Verify that the application or framework uses strong random anti-CSRF tokens or has another transaction protection mechanism.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:15.969Z", + "updated": "2021-06-29T11:12:15.969Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 62, + "fields": { + "category": 5, + "objective_number": "4.4", + "objective": "Verify the system can protect against aggregate or continuous access of secured functions, resources, or data. 
For example, consider the use of a resource governor to limit the number of edits per hour or to prevent the entire database from being scraped by an individual user.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:31.357Z", + "updated": "2021-06-29T11:12:31.357Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 63, + "fields": { + "category": 5, + "objective_number": "4.15", + "objective": "Verify the application has additional authorization (such as step up or adaptive authentication) for lower value systems, and / or segregation of duties for high value applications to enforce anti-fraud controls as per the risk of application and past fraud.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:12:55.170Z", + "updated": "2021-06-29T11:12:55.170Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 64, + "fields": { + "category": 5, + "objective_number": "4.16", + "objective": "Verify that the application correctly enforces context-sensitive authorisation so as to not allow unauthorised manipulation by means of parameter tampering.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:13:13.009Z", + "updated": "2021-06-29T11:13:13.009Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 65, + "fields": { + "category": 6, + "objective_number": "5.3", + "objective": "Verify that server side input validation failures result in request rejection and are logged.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:19:50.413Z", + "updated": "2021-06-29T11:19:50.413Z", + "cwe_mapping": [], + "testing_guide": [] + } 
+}, +{ + "model": "dojo.benchmark_requirement", + "pk": 66, + "fields": { + "category": 6, + "objective_number": "5.5", + "objective": "Verify that input validation routines are enforced on the server side.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:14.088Z", + "updated": "2021-06-29T11:20:14.088Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 67, + "fields": { + "category": 6, + "objective_number": "5.6", + "objective": "Verify that a centralized input validation control mechanism is used by the application.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:34.745Z", + "updated": "2021-06-29T11:20:34.745Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 68, + "fields": { + "category": 6, + "objective_number": "5.10", + "objective": "Verify that all database queries are protected by the use of parameterized queries or proper ORM usage to avoid SQL injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:20:50.454Z", + "updated": "2021-06-29T11:20:50.454Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 69, + "fields": { + "category": 6, + "objective_number": "5.11", + "objective": "Verify that the application is not susceptible to LDAP Injection, or that security controls prevent LDAP Injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:06.964Z", + "updated": "2021-06-29T11:21:06.964Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 70, + "fields": { + "category": 6, + "objective_number": "5.12", + "objective": 
"Verify that the application is not susceptible to OS Command Injection, or that security controls prevent OS Command Injection.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:23.126Z", + "updated": "2021-06-29T11:21:23.126Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 71, + "fields": { + "category": 6, + "objective_number": "5.13", + "objective": "Verify that the application is not susceptible to Remote File Inclusion (RFI) or Local File Inclusion (LFI) when content is used that is a path to a file.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:40.437Z", + "updated": "2021-06-29T11:21:40.437Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 72, + "fields": { + "category": 6, + "objective_number": "5.14", + "objective": "Verify that the application is not susceptible XPath injection or XML injection attacks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:21:55.675Z", + "updated": "2021-06-29T11:21:55.675Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 73, + "fields": { + "category": 6, + "objective_number": "5.15", + "objective": "Verify that all string variables placed into HTML or other web client code are either properly contextually encoded manually, or utilize templates that automatically contextually encode to ensure the application is not susceptible to reflected, stored or DOM Cross-Site Scripting (XSS) attacks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:11.541Z", + "updated": "2021-06-29T11:22:11.541Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + 
"model": "dojo.benchmark_requirement", + "pk": 74, + "fields": { + "category": 6, + "objective_number": "5.16", + "objective": "Verify that the application does not contain mass parameter assignment (AKA automatic variable binding) vulnerabilities.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:30.790Z", + "updated": "2021-06-29T11:22:30.790Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 75, + "fields": { + "category": 6, + "objective_number": "5.17", + "objective": "Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (GET, POST, cookies, headers, environment, etc.)", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:22:49.904Z", + "updated": "2021-06-29T11:22:49.904Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 76, + "fields": { + "category": 6, + "objective_number": "5.19", + "objective": "Verify that all input data is validated, not only HTML form fields but all sources of input such as REST calls, query parameters, HTTP headers, cookies, batch files, RSS feeds, etc; using positive validation (whitelisting), then lesser forms of validation such as grey listing (eliminating known bad strings), or rejecting bad inputs (blacklisting).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:23:08.013Z", + "updated": "2021-06-29T11:23:08.013Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 77, + "fields": { + "category": 6, + "objective_number": "5.20", + "objective": "Verify that structured data is strongly typed and validated against a 
defined schema including allowed characters, length and pattern (e.g. credit card numbers or telephone, or validating that two related fields are reasonable, such as validating suburbs and zip or post codes match).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:26:04.647Z", + "updated": "2021-06-29T11:26:04.647Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 78, + "fields": { + "category": 6, + "objective_number": "5.21", + "objective": "Verify that unstructured data is sanitized to enforce generic safety measures such as allowed characters and length, and characters potentially harmful in given context should be escaped (e.g. natural names with Unicode or apostrophes, such as O'Hara)", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:26:44.642Z", + "updated": "2021-06-29T11:26:44.642Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 79, + "fields": { + "category": 6, + "objective_number": "5.22", + "objective": "Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized with an HTML sanitizer library or framework feature.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:09.785Z", + "updated": "2021-06-29T11:27:09.785Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 80, + "fields": { + "category": 6, + "objective_number": "5.24", + "objective": "Verify that where data is transferred from one DOM context to another, the transfer uses safe JavaScript methods, such as using innerText or .val to ensure the application is not susceptible to DOM Cross-Site Scripting (XSS) attacks.", + "references": "", + "level_1": false, + "level_2": true, 
+ "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:28.549Z", + "updated": "2021-06-29T11:27:28.549Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 81, + "fields": { + "category": 6, + "objective_number": "5.25", + "objective": "Verify when parsing JSON in browsers or JavaScript based backends, that JSON.parse is used to parse the JSON document. Do not use eval() to parse JSON.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:27:44.629Z", + "updated": "2021-06-29T11:27:44.629Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 82, + "fields": { + "category": 6, + "objective_number": "5.27", + "objective": "Verify the application for Server Side Request Forgery vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:10.149Z", + "updated": "2021-06-29T11:28:10.149Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 83, + "fields": { + "category": 6, + "objective_number": "5.28", + "objective": "Verify that the application correctly restricts XML parsers to only use the most restrictive configuration possible and to ensure that dangerous features such as resolving external entities are disabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:30.927Z", + "updated": "2021-06-29T11:28:30.927Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 84, + "fields": { + "category": 6, + "objective_number": "5.29", + "objective": "Verify that deserialization of untrusted data is avoided or is extensively protected when deserialization cannot be avoided.", + "references": "", + "level_1": true, + 
"level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:28:49.023Z", + "updated": "2021-06-29T11:28:49.023Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 85, + "fields": { + "category": 1, + "objective_number": "7.8", + "objective": "Verify that cryptographic modules operate in their approved mode according to their published security policies.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:30:40.745Z", + "updated": "2021-06-29T11:30:40.745Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 86, + "fields": { + "category": 1, + "objective_number": "7.9", + "objective": "Verify that there is an explicit policy for how cryptographic keys are managed (e.g., generated, distributed, revoked, and expired). Verify that this key lifecycle is properly enforced.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:31:34.511Z", + "updated": "2021-06-29T11:31:34.511Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 87, + "fields": { + "category": 1, + "objective_number": "7.11", + "objective": "Verify that all consumers of cryptographic services do not have direct access to key material. 
Isolate cryptographic processes, including master secrets and consider the use of a virtualized or physical hardware key vault (HSM).", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:31:55.623Z", + "updated": "2021-06-29T11:31:55.623Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 88, + "fields": { + "category": 1, + "objective_number": "7.12", + "objective": "Verify that Personally Identifiable Information (PII) and other sensitive data is stored encrypted while at rest.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:32:13.340Z", + "updated": "2021-06-29T11:32:13.340Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 89, + "fields": { + "category": 1, + "objective_number": "7.13", + "objective": "Verify that sensitive passwords or key material maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:32:44.415Z", + "updated": "2021-06-29T11:32:44.415Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 90, + "fields": { + "category": 1, + "objective_number": "7.14", + "objective": "Verify that all keys and passwords are replaceable, and are generated or replaced at installation time.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:33:57.883Z", + "updated": "2021-06-29T11:33:57.883Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 91, + "fields": { + "category": 1, + "objective_number": "7.15", + "objective": "Verify that random 
numbers are created with proper entropy even when the application is under heavy load, or that the application degrades gracefully in such circumstances.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:34:17.766Z", + "updated": "2021-06-29T11:34:17.766Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 92, + "fields": { + "category": 7, + "objective_number": "8.1", + "objective": "Verify that the application does not output error messages or stack traces containing sensitive data that could assist an attacker, including session id, software/framework versions and personal information.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:36:36.883Z", + "updated": "2021-06-29T11:36:36.883Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 93, + "fields": { + "category": 7, + "objective_number": "8.2", + "objective": "Verify that error handling logic in security controls denies access by default.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:36:58.013Z", + "updated": "2021-06-29T11:36:58.013Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 94, + "fields": { + "category": 7, + "objective_number": "8.3", + "objective": "Verify security logging controls provide the ability to log success and particularly failure events that are identified as security-relevant.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:44:27.487Z", + "updated": "2021-06-29T11:44:27.487Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 95, + "fields": { + "category": 7, + 
"objective_number": "8.4", + "objective": "Verify that each log event includes necessary information that would allow for a detailed investigation of the timeline when an event happens.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:44:46.451Z", + "updated": "2021-06-29T11:44:46.451Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 96, + "fields": { + "category": 7, + "objective_number": "8.5", + "objective": "Verify that all events that include untrusted data will not execute as code in the intended log viewing software.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:02.199Z", + "updated": "2021-06-29T11:45:02.199Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 97, + "fields": { + "category": 7, + "objective_number": "8.6", + "objective": "Verify that security logs are protected from unauthorized access and modification.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:22.653Z", + "updated": "2021-06-29T11:45:22.653Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 98, + "fields": { + "category": 7, + "objective_number": "8.7", + "objective": "Verify that the application does not log sensitive data as defined under local privacy laws or regulations, organizational sensitive data as defined by a risk assessment, or sensitive authentication data that could assist an attacker, including user's session identifiers, passwords, hashes, or API tokens.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:45:49.298Z", + "updated": "2021-06-29T11:45:49.298Z", + "cwe_mapping": [], + 
"testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 99, + "fields": { + "category": 7, + "objective_number": "8.8", + "objective": "Verify that all non-printable symbols and field separators are properly encoded in log entries, to prevent log injection.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:04.125Z", + "updated": "2021-06-29T11:46:04.125Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 100, + "fields": { + "category": 7, + "objective_number": "8.9", + "objective": "Verify that log fields from trusted and untrusted sources are distinguishable in log entries.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:26.650Z", + "updated": "2021-06-29T11:46:26.650Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 101, + "fields": { + "category": 7, + "objective_number": "8.10", + "objective": "Verify that an audit log or similar allows for non-repudiation of key transactions.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:46:45.582Z", + "updated": "2021-06-29T11:46:45.582Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 102, + "fields": { + "category": 7, + "objective_number": "8.11", + "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:47:02.190Z", + "updated": "2021-06-29T11:47:02.190Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 103, + "fields": { + "category": 7, + 
"objective_number": "8.12", + "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:47:46.283Z", + "updated": "2021-06-29T11:47:46.283Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 104, + "fields": { + "category": 7, + "objective_number": "8.13", + "objective": "Verify that time sources are synchronized to the correct time and time zone.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T11:48:05.620Z", + "updated": "2021-06-29T11:48:05.620Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 105, + "fields": { + "category": 8, + "objective_number": "9.1", + "objective": "Verify that all forms containing sensitive information have disabled client side caching, including autocomplete features.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:19.688Z", + "updated": "2021-06-29T12:25:19.688Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 106, + "fields": { + "category": 8, + "objective_number": "9.2", + "objective": "Verify that the list of sensitive data processed by the application is identified, and that there is an explicit policy for how access to this data must be controlled, encrypted and enforced under relevant data protection directives.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:40.315Z", + "updated": "2021-06-29T12:25:40.315Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 107, + "fields": { + 
"category": 8, + "objective_number": "9.3", + "objective": "Verify that all sensitive data is sent to the server in the HTTP message body or headers (i.e., URL parameters are never used to send sensitive data).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:25:56.919Z", + "updated": "2021-06-29T12:25:56.919Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 108, + "fields": { + "category": 8, + "objective_number": "9.4", + "objective": "Verify that the application sets sufficient anti-caching headers such that any sensitive and personal information displayed by the application or entered by the user should not be cached on disk by mainstream modern browsers (e.g. visit about:cache to review disk cache).", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:14.205Z", + "updated": "2021-06-29T12:26:14.205Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 109, + "fields": { + "category": 8, + "objective_number": "9.5", + "objective": "Verify that on the server, all cached or temporary copies of sensitive data stored are protected from unauthorized access or purged/invalidated after the authorized user accesses the sensitive data.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:26:30.429Z", + "updated": "2021-06-29T12:26:30.429Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 110, + "fields": { + "category": 8, + "objective_number": "9.6", + "objective": "Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + 
"enabled": true, + "created": "2021-06-29T12:26:45.509Z", + "updated": "2021-06-29T12:26:45.509Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 111, + "fields": { + "category": 8, + "objective_number": "9.7", + "objective": "Verify the application minimizes the number of parameters in a request, such as hidden fields, Ajax variables, cookies and header values.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:04.786Z", + "updated": "2021-06-29T12:27:04.786Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 112, + "fields": { + "category": 8, + "objective_number": "9.8", + "objective": "Verify the application has the ability to detect and alert on abnormal numbers of requests for data harvesting for an example screen scraping.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:20.007Z", + "updated": "2021-06-29T12:27:20.007Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 113, + "fields": { + "category": 8, + "objective_number": "9.9", + "objective": "Verify that data stored in client side storage (such as HTML5 local storage, session storage, IndexedDB, regular cookies or Flash cookies) does not contain sensitive data or PII.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:27:37.137Z", + "updated": "2021-06-29T12:27:37.137Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 114, + "fields": { + "category": 8, + "objective_number": "9.10", + "objective": "Verify accessing sensitive data is logged, if the data is collected under relevant data protection directives or where logging of accesses is required.", + 
"references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:01.849Z", + "updated": "2021-06-29T12:28:01.849Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 115, + "fields": { + "category": 8, + "objective_number": "9.11", + "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:19.464Z", + "updated": "2021-06-29T12:28:19.464Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 116, + "fields": { + "category": 8, + "objective_number": "9.14", + "objective": "Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T12:28:36.368Z", + "updated": "2021-06-29T12:28:36.368Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 117, + "fields": { + "category": 9, + "objective_number": "10.1", + "objective": "Verify that a path can be built from a trusted CA to each Transport Layer Security (TLS) server certificate, and that each server certificate is valid.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:57:51.724Z", + "updated": "2021-06-29T17:57:51.724Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 118, + "fields": { + "category": 9, + "objective_number": "10.2", + "objective": "Verify that TLS is used for all connections (including both external and backend connections) that are 
authenticated or that involve sensitive data or functions, and does not fall back to insecure or unencrypted protocols. Ensure the strongest alternative is the preferred algorithm.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:58:08.701Z", + "updated": "2021-06-29T17:58:08.701Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 119, + "fields": { + "category": 9, + "objective_number": "10.3", + "objective": "Verify that backend TLS connection failures are logged.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:58:43.008Z", + "updated": "2021-06-29T17:58:43.008Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 120, + "fields": { + "category": 9, + "objective_number": "10.4", + "objective": "Verify that certificate paths are built and verified for all client certificates using configured trust anchors and revocation information.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:00.835Z", + "updated": "2021-06-29T17:59:00.835Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 121, + "fields": { + "category": 9, + "objective_number": "10.5", + "objective": "Verify that all connections to external systems that involve sensitive information or functions are authenticated.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:17.563Z", + "updated": "2021-06-29T17:59:17.563Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 122, + "fields": { + "category": 9, + "objective_number": "10.6", + "objective": "Verify that there is a single standard TLS 
implementation that is used by the application that is configured to operate in an approved mode of operation.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:33.860Z", + "updated": "2021-06-29T17:59:33.860Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 123, + "fields": { + "category": 9, + "objective_number": "10.7", + "objective": "Verify that TLS certificate public key pinning (HPKP) is implemented with production and backup public keys. For more information, please see the references below.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T17:59:57.308Z", + "updated": "2021-06-29T17:59:57.308Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 124, + "fields": { + "category": 9, + "objective_number": "10.8", + "objective": "Verify that HTTP Strict Transport Security headers are included on all requests and for all subdomains, such as Strict-Transport-Security: max-age=15724800; includeSubdomains", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:00:23.218Z", + "updated": "2021-06-29T18:00:23.218Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 125, + "fields": { + "category": 9, + "objective_number": "10.9", + "objective": "Verify that production website URL has been submitted to preloaded list of Strict Transport Security domains maintained by web browser vendors. 
Please see the references below.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:00:46.523Z", + "updated": "2021-06-29T18:00:46.523Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 126, + "fields": { + "category": 9, + "objective_number": "10.11", + "objective": "Verify that perfect forward secrecy is configured to mitigate passive attackers recording traffic.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:11.667Z", + "updated": "2021-06-29T18:01:11.667Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 127, + "fields": { + "category": 9, + "objective_number": "10.11", + "objective": "Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:31.481Z", + "updated": "2021-06-29T18:01:31.481Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 128, + "fields": { + "category": 9, + "objective_number": "10.13", + "objective": "Verify that only strong algorithms, ciphers, and protocols are used, through all the certificate hierarchy, including root and intermediary certificates of your selected certifying authority.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:01:46.036Z", + "updated": "2021-06-29T18:01:46.036Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 129, + "fields": { + "category": 9, + "objective_number": "10.14", + "objective": "Verify that the TLS settings are in line with current leading practice, 
particularly as common configurations, ciphers, and algorithms become insecure.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:02:06.170Z", + "updated": "2021-06-29T18:02:06.170Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 130, + "fields": { + "category": 10, + "objective_number": "13.1", + "objective": "Verify all malicious activity is adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:11:51.230Z", + "updated": "2021-06-29T18:11:51.230Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 131, + "fields": { + "category": 10, + "objective_number": "13.2", + "objective": "Verify that the application source code, and as many third party libraries as possible, does not contain back doors, Easter eggs, and logic flaws in authentication, access control, input validation, and the business logic of high value transactions.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:12:07.933Z", + "updated": "2021-06-29T18:12:07.933Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 132, + "fields": { + "category": 11, + "objective_number": "15.1", + "objective": "Verify the application will only process business logic flows in sequential step order, with all steps being processed in realistic human time, and not process out of order, skipped steps, process steps from another user, or too quickly submitted transactions.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:14:19.422Z", + "updated": 
"2021-06-29T18:14:19.422Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 133, + "fields": { + "category": 11, + "objective_number": "15.2", + "objective": "Verify the application has business limits and correctly enforces on a per user basis, with configurable alerting and automated reactions to automated or unusual attack.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:14:36.697Z", + "updated": "2021-06-29T18:14:36.697Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 134, + "fields": { + "category": 12, + "objective_number": "16.1", + "objective": "Verify that URL redirects and forwards only allow whitelisted destinations, or show a warning when redirecting to potentially untrusted content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:26:27.533Z", + "updated": "2021-06-29T18:26:27.533Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 135, + "fields": { + "category": 12, + "objective_number": "16.2", + "objective": "Verify that untrusted file data submitted to the application is not used directly with file I/O commands, particularly to protect against path traversal, local file include, file mime type, reflective file download, and OS command injection vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:26:43.732Z", + "updated": "2021-06-29T18:26:43.732Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 136, + "fields": { + "category": 12, + "objective_number": "16.3", + "objective": "Verify that files obtained from untrusted sources are validated to be of expected type and scanned by antivirus 
scanners to prevent upload of known malicious content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:27:09.137Z", + "updated": "2021-06-29T18:27:09.137Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 137, + "fields": { + "category": 12, + "objective_number": "16.4", + "objective": "Verify that untrusted data is not used within inclusion, class loader, or reflection capabilities to prevent remote/local code execution vulnerabilities.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:29:28.123Z", + "updated": "2021-06-29T18:29:28.123Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 138, + "fields": { + "category": 12, + "objective_number": "16.5", + "objective": "Verify that untrusted data is not used within cross-domain resource sharing (CORS) to protect against arbitrary remote content.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:29:48.225Z", + "updated": "2021-06-29T18:29:48.225Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 139, + "fields": { + "category": 12, + "objective_number": "16.6", + "objective": "Verify that files obtained from untrusted sources are stored outside the webroot, with limited permissions, preferably with strong validation.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:05.507Z", + "updated": "2021-06-29T18:30:05.507Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 140, + "fields": { + "category": 12, + "objective_number": "16.7", + "objective": "Verify that the web or application server is 
configured by default to deny access to remote resources or systems outside the web or application server.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:24.537Z", + "updated": "2021-06-29T18:30:24.537Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 141, + "fields": { + "category": 12, + "objective_number": "16.8", + "objective": "Verify the application code does not execute uploaded data obtained from untrusted sources.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:41.998Z", + "updated": "2021-06-29T18:30:41.998Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 142, + "fields": { + "category": 12, + "objective_number": "16.9", + "objective": "Verify that unsupported, insecure or deprecated client-side technologies are not used, such as NSAPI plugins, Flash, Shockwave, Active-X, Silverlight, NACL, or client-side Java applets.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:30:57.916Z", + "updated": "2021-06-29T18:30:57.916Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 143, + "fields": { + "category": 12, + "objective_number": "16.10", + "objective": "Verify that the cross-domain resource sharing (CORS) Access-Control-Allow-Origin header does not simply reflect the request's origin header or support the \"null\" origin.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-29T18:31:14.337Z", + "updated": "2021-06-29T18:31:14.337Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 144, + "fields": { + "category": 15, + "objective_number": 
"20.1", + "objective": "Verify that application layer debugging interfaces such USB or serial are disabled.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:00.289Z", + "updated": "2021-06-30T03:30:00.289Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 145, + "fields": { + "category": 15, + "objective_number": "20.2", + "objective": "Verify that cryptographic keys are unique to each individual device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:19.974Z", + "updated": "2021-06-30T03:30:19.974Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 146, + "fields": { + "category": 15, + "objective_number": "20.3", + "objective": "Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:34.796Z", + "updated": "2021-06-30T03:30:34.796Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 147, + "fields": { + "category": 15, + "objective_number": "20.4", + "objective": "Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:30:55.266Z", + "updated": "2021-06-30T03:30:55.266Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 148, + "fields": { + "category": 15, + "objective_number": "20.5", + "objective": "Verify that physical debug headers are not present on the device.", + 
"references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:31:42.393Z", + "updated": "2021-06-30T03:31:42.393Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 149, + "fields": { + "category": 15, + "objective_number": "20.6", + "objective": "Verify that sensitive data is not stored unencrypted on the device.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:01.534Z", + "updated": "2021-06-30T03:32:01.534Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 150, + "fields": { + "category": 15, + "objective_number": "20.7", + "objective": "Verify that the device prevents leaking of sensitive information.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:22.208Z", + "updated": "2021-06-30T03:32:22.208Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 151, + "fields": { + "category": 15, + "objective_number": "20.8", + "objective": "Verify that the firmware apps protect data-in-transit using transport security.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:32:56.382Z", + "updated": "2021-06-30T03:32:56.382Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 152, + "fields": { + "category": 15, + "objective_number": "20.9", + "objective": "Verify that the firmware apps validate the digital signature of server connections.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:33:18.948Z", + "updated": "2021-06-30T03:33:18.948Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + 
"model": "dojo.benchmark_requirement", + "pk": 153, + "fields": { + "category": 15, + "objective_number": "20.10", + "objective": "Verify that wireless communications are mutually authenticated.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:33:40.069Z", + "updated": "2021-06-30T03:33:40.069Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 154, + "fields": { + "category": 15, + "objective_number": "20.11", + "objective": "Verify that wireless communications are sent over an encrypted channel.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:00.224Z", + "updated": "2021-06-30T03:34:00.224Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 155, + "fields": { + "category": 15, + "objective_number": "20.12", + "objective": "Verify that the firmware apps pin the digital signature to a trusted server(s).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:16.802Z", + "updated": "2021-06-30T03:34:16.802Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 156, + "fields": { + "category": 15, + "objective_number": "20.13", + "objective": "Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:34:36.393Z", + "updated": "2021-06-30T03:34:36.393Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 157, + "fields": { + "category": 15, + "objective_number": "20.14", + "objective": "Verify that identifying markings on chips have been removed.", + "references": 
"", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:08.498Z", + "updated": "2021-06-30T03:35:08.498Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 158, + "fields": { + "category": 15, + "objective_number": "20.15", + "objective": "Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:24.271Z", + "updated": "2021-06-30T03:35:24.271Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 159, + "fields": { + "category": 15, + "objective_number": "20.16", + "objective": "Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:35:45.152Z", + "updated": "2021-06-30T03:35:45.152Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 160, + "fields": { + "category": 15, + "objective_number": "20.17", + "objective": "Verify the device validates the boot image signature before loading.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:02.979Z", + "updated": "2021-06-30T03:36:02.979Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 161, + "fields": { + "category": 15, + "objective_number": "20.18", + "objective": "Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": 
"2021-06-30T03:36:19.093Z", + "updated": "2021-06-30T03:36:19.093Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 162, + "fields": { + "category": 15, + "objective_number": "20.19", + "objective": "Verify the device uses code signing and validates firmware upgrade files before installing.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:34.926Z", + "updated": "2021-06-30T03:36:34.926Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 163, + "fields": { + "category": 15, + "objective_number": "20.20", + "objective": "Verify that the device cannot be downgraded to old versions of valid firmware.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:36:52.972Z", + "updated": "2021-06-30T03:36:52.972Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 164, + "fields": { + "category": 15, + "objective_number": "20.21", + "objective": "Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators).", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:09.554Z", + "updated": "2021-06-30T03:37:09.554Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 165, + "fields": { + "category": 15, + "objective_number": "20.22", + "objective": "Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:31.703Z", + "updated": "2021-06-30T03:37:31.703Z", + "cwe_mapping": [], + 
"testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 166, + "fields": { + "category": 15, + "objective_number": "20.23", + "objective": "Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:43.128Z", + "updated": "2021-06-30T03:37:43.128Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 167, + "fields": { + "category": 15, + "objective_number": "20.24", + "objective": "Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:37:57.432Z", + "updated": "2021-06-30T03:37:57.432Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 168, + "fields": { + "category": 15, + "objective_number": "20.25", + "objective": "Verify that sensitive traces are not exposed to outer layers of the printed circuit board.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:10.177Z", + "updated": "2021-06-30T03:38:10.177Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 169, + "fields": { + "category": 15, + "objective_number": "20.26", + "objective": "Verify that inter-chip communication is encrypted.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:22.674Z", + "updated": "2021-06-30T03:38:22.674Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 170, + "fields": { + "category": 15, + "objective_number": "20.27", + 
"objective": "Verify the device uses code signing and validates code before execution.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:35.542Z", + "updated": "2021-06-30T03:38:35.542Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 171, + "fields": { + "category": 15, + "objective_number": "20.27", + "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:38:53.380Z", + "updated": "2021-06-30T03:38:53.380Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 172, + "fields": { + "category": 15, + "objective_number": "20.29", + "objective": "Verify that the firmware apps utilize kernel containers for isolation between apps.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:39:11.285Z", + "updated": "2021-06-30T03:39:11.285Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 173, + "fields": { + "category": 14, + "objective_number": "19.1", + "objective": "Verify that all components are up to date with proper security configuration(s) and version(s). 
This should include removal of unneeded configurations and folders such as sample applications, platform documentation, and default or example users.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:46:31.397Z", + "updated": "2021-06-30T03:46:31.397Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 174, + "fields": { + "category": 14, + "objective_number": "19.2", + "objective": "Verify that communications between components, such as between the application server and the database server, are encrypted, particularly when the components are in different containers or on different systems.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:46:49.459Z", + "updated": "2021-06-30T03:46:49.459Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 175, + "fields": { + "category": 14, + "objective_number": "19.3", + "objective": "Verify that communications between components, such as between the application server and the database server, is authenticated using an account with the least necessary privileges.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:47:06.199Z", + "updated": "2021-06-30T03:47:06.199Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 176, + "fields": { + "category": 14, + "objective_number": "19.4", + "objective": "Verify application deployments are adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:47:28.491Z", + "updated": "2021-06-30T03:47:28.491Z", + "cwe_mapping": [], + 
"testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 177, + "fields": { + "category": 14, + "objective_number": "19.5", + "objective": "Verify that the application build and deployment processes are performed in a secure and repeatable method, such as CI / CD automation and automated configuration management.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:11.230Z", + "updated": "2021-06-30T03:49:11.230Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 178, + "fields": { + "category": 14, + "objective_number": "19.6", + "objective": "Verify that authorised administrators have the capability to verify the integrity of all security-relevant configurations to detect tampering.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:30.929Z", + "updated": "2021-06-30T03:49:30.929Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 179, + "fields": { + "category": 14, + "objective_number": "19.7", + "objective": "Verify that all application components are signed.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:49:47.862Z", + "updated": "2021-06-30T03:49:47.863Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 180, + "fields": { + "category": 14, + "objective_number": "19.8", + "objective": "Verify that third party components come from trusted repositories.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:05.648Z", + "updated": "2021-06-30T03:50:05.648Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 181, + 
"fields": { + "category": 14, + "objective_number": "19.9", + "objective": "Verify that build processes for system level languages have all security flags enabled, such as ASLR, DEP, and security checks.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:24.752Z", + "updated": "2021-06-30T03:50:24.752Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 182, + "fields": { + "category": 14, + "objective_number": "19.10", + "objective": "Verify that all application assets are hosted by the application, such as JavaScript libraries, CSS stylesheets and web fonts are hosted by the application rather than rely on a CDN or external provider.", + "references": "", + "level_1": false, + "level_2": false, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:41.104Z", + "updated": "2021-06-30T03:50:41.104Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 183, + "fields": { + "category": 14, + "objective_number": "19.11", + "objective": "Verify that all application components, services, and servers each use their own low privilege service account, that is not shared between applications nor used by administrators.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:50:57.938Z", + "updated": "2021-06-30T03:50:57.938Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 184, + "fields": { + "category": 13, + "objective_number": "18.1", + "objective": "Verify that the same encoding style is used between the client and the server.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:51:40.222Z", + "updated": "2021-06-30T03:51:40.222Z", + "cwe_mapping": [], + "testing_guide": [] + } 
+}, +{ + "model": "dojo.benchmark_requirement", + "pk": 185, + "fields": { + "category": 13, + "objective_number": "18.2", + "objective": "Verify that access to administration and management functions within the Web Service Application is limited to web service administrators.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:51:56.603Z", + "updated": "2021-06-30T03:51:56.603Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 186, + "fields": { + "category": 13, + "objective_number": "18.3", + "objective": "Verify that XML or JSON schema is in place and verified before accepting input.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:19.697Z", + "updated": "2021-06-30T03:52:19.697Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 187, + "fields": { + "category": 13, + "objective_number": "18.4", + "objective": "Verify that all input is limited to an appropriate size limit.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:36.709Z", + "updated": "2021-06-30T03:52:36.710Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 188, + "fields": { + "category": 13, + "objective_number": "18.5", + "objective": "Verify that SOAP based web services are compliant with Web Services-Interoperability (WS-I) Basic Profile at minimum. 
This essentially means TLS encryption.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:52:55.113Z", + "updated": "2021-06-30T03:52:55.113Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 189, + "fields": { + "category": 13, + "objective_number": "18.7", + "objective": "Verify that the REST service is protected from Cross-Site Request Forgery via the use of at least one or more of the following: double submit cookie pattern, CSRF nonces, ORIGIN request header checks, and referrer request header checks.", + "references": "", + "level_1": true, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:15.663Z", + "updated": "2021-06-30T03:53:15.663Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 190, + "fields": { + "category": 13, + "objective_number": "18.8", + "objective": "Verify the REST service explicitly check the incoming Content-Type to be the expected one, such as application/xml or application/json.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:34.549Z", + "updated": "2021-06-30T03:53:34.549Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 191, + "fields": { + "category": 13, + "objective_number": "18.9", + "objective": "Verify that the message payload is signed to ensure reliable transport between client and service, using JSON Web Signing or WS-Security for SOAP requests.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:53:54.736Z", + "updated": "2021-06-30T03:53:54.736Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_requirement", + "pk": 192, + "fields": { + "category": 13, + 
"objective_number": "18.10", + "objective": "Verify that alternative and less secure access paths do not exist.", + "references": "", + "level_1": false, + "level_2": true, + "level_3": true, + "enabled": true, + "created": "2021-06-30T03:54:23.078Z", + "updated": "2021-06-30T03:54:23.078Z", + "cwe_mapping": [], + "testing_guide": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 1, + "fields": { + "product": 1, + "control": 144, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 2, + "fields": { + "product": 1, + "control": 145, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 3, + "fields": { + "product": 1, + "control": 146, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 4, + "fields": { + "product": 1, + "control": 147, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 5, + "fields": { + "product": 1, + "control": 148, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 6, + "fields": { + "product": 1, + "control": 149, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 7, + "fields": { + "product": 1, + "control": 150, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + 
"updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 8, + "fields": { + "product": 1, + "control": 151, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 9, + "fields": { + "product": 1, + "control": 152, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.234Z", + "updated": "2021-11-04T08:22:00.234Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 10, + "fields": { + "product": 1, + "control": 153, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 11, + "fields": { + "product": 1, + "control": 154, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 12, + "fields": { + "product": 1, + "control": 155, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 13, + "fields": { + "product": 1, + "control": 156, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 14, + "fields": { + "product": 1, + "control": 157, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 15, + "fields": { + "product": 1, + "control": 158, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + 
"notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 16, + "fields": { + "product": 1, + "control": 159, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 17, + "fields": { + "product": 1, + "control": 160, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 18, + "fields": { + "product": 1, + "control": 161, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 19, + "fields": { + "product": 1, + "control": 162, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 20, + "fields": { + "product": 1, + "control": 163, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 21, + "fields": { + "product": 1, + "control": 164, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 22, + "fields": { + "product": 1, + "control": 165, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 23, + "fields": { + "product": 1, + "control": 166, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": 
"dojo.benchmark_product", + "pk": 24, + "fields": { + "product": 1, + "control": 167, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 25, + "fields": { + "product": 1, + "control": 168, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 26, + "fields": { + "product": 1, + "control": 169, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 27, + "fields": { + "product": 1, + "control": 170, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 28, + "fields": { + "product": 1, + "control": 171, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 29, + "fields": { + "product": 1, + "control": 172, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 30, + "fields": { + "product": 1, + "control": 173, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.235Z", + "updated": "2021-11-04T08:22:00.235Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 31, + "fields": { + "product": 1, + "control": 174, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 32, + 
"fields": { + "product": 1, + "control": 175, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 33, + "fields": { + "product": 1, + "control": 176, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 34, + "fields": { + "product": 1, + "control": 177, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 35, + "fields": { + "product": 1, + "control": 178, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 36, + "fields": { + "product": 1, + "control": 179, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 37, + "fields": { + "product": 1, + "control": 180, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 38, + "fields": { + "product": 1, + "control": 181, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 39, + "fields": { + "product": 1, + "control": 182, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 40, + "fields": { + "product": 1, + 
"control": 183, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 41, + "fields": { + "product": 1, + "control": 184, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 42, + "fields": { + "product": 1, + "control": 185, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 43, + "fields": { + "product": 1, + "control": 186, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 44, + "fields": { + "product": 1, + "control": 187, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 45, + "fields": { + "product": 1, + "control": 188, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 46, + "fields": { + "product": 1, + "control": 189, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 47, + "fields": { + "product": 1, + "control": 190, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 48, + "fields": { + "product": 1, + "control": 191, + "pass_fail": false, + 
"enabled": true, + "created": "2021-11-04T08:22:00.236Z", + "updated": "2021-11-04T08:22:00.236Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 49, + "fields": { + "product": 1, + "control": 192, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 50, + "fields": { + "product": 1, + "control": 134, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 51, + "fields": { + "product": 1, + "control": 135, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 52, + "fields": { + "product": 1, + "control": 136, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 53, + "fields": { + "product": 1, + "control": 137, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 54, + "fields": { + "product": 1, + "control": 138, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 55, + "fields": { + "product": 1, + "control": 139, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 56, + "fields": { + "product": 1, + "control": 140, + "pass_fail": false, + "enabled": true, + "created": 
"2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 57, + "fields": { + "product": 1, + "control": 141, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 58, + "fields": { + "product": 1, + "control": 142, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 59, + "fields": { + "product": 1, + "control": 143, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 60, + "fields": { + "product": 1, + "control": 132, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 61, + "fields": { + "product": 1, + "control": 133, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 62, + "fields": { + "product": 1, + "control": 130, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 63, + "fields": { + "product": 1, + "control": 131, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 64, + "fields": { + "product": 1, + "control": 117, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": 
"2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 65, + "fields": { + "product": 1, + "control": 118, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 66, + "fields": { + "product": 1, + "control": 119, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 67, + "fields": { + "product": 1, + "control": 120, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 68, + "fields": { + "product": 1, + "control": 121, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 69, + "fields": { + "product": 1, + "control": 122, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.237Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 70, + "fields": { + "product": 1, + "control": 123, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.237Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 71, + "fields": { + "product": 1, + "control": 124, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 72, + "fields": { + "product": 1, + "control": 125, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": 
[] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 73, + "fields": { + "product": 1, + "control": 126, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 74, + "fields": { + "product": 1, + "control": 127, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 75, + "fields": { + "product": 1, + "control": 128, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 76, + "fields": { + "product": 1, + "control": 129, + "pass_fail": true, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 77, + "fields": { + "product": 1, + "control": 110, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 78, + "fields": { + "product": 1, + "control": 105, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 79, + "fields": { + "product": 1, + "control": 106, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 80, + "fields": { + "product": 1, + "control": 107, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": 
"dojo.benchmark_product", + "pk": 81, + "fields": { + "product": 1, + "control": 108, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 82, + "fields": { + "product": 1, + "control": 109, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 83, + "fields": { + "product": 1, + "control": 111, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 84, + "fields": { + "product": 1, + "control": 112, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 85, + "fields": { + "product": 1, + "control": 113, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 86, + "fields": { + "product": 1, + "control": 114, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 87, + "fields": { + "product": 1, + "control": 115, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 88, + "fields": { + "product": 1, + "control": 116, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 89, + 
"fields": { + "product": 1, + "control": 92, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.238Z", + "updated": "2021-11-04T08:22:00.238Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 90, + "fields": { + "product": 1, + "control": 93, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 91, + "fields": { + "product": 1, + "control": 94, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 92, + "fields": { + "product": 1, + "control": 95, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 93, + "fields": { + "product": 1, + "control": 96, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 94, + "fields": { + "product": 1, + "control": 97, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 95, + "fields": { + "product": 1, + "control": 98, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 96, + "fields": { + "product": 1, + "control": 99, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 97, + "fields": { + "product": 1, + "control": 100, + 
"pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 98, + "fields": { + "product": 1, + "control": 101, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 99, + "fields": { + "product": 1, + "control": 102, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 100, + "fields": { + "product": 1, + "control": 103, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 101, + "fields": { + "product": 1, + "control": 104, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 102, + "fields": { + "product": 1, + "control": 65, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 103, + "fields": { + "product": 1, + "control": 66, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 104, + "fields": { + "product": 1, + "control": 67, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 105, + "fields": { + "product": 1, + "control": 68, + "pass_fail": false, + "enabled": 
true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 106, + "fields": { + "product": 1, + "control": 69, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 107, + "fields": { + "product": 1, + "control": 70, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 108, + "fields": { + "product": 1, + "control": 71, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 109, + "fields": { + "product": 1, + "control": 72, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.239Z", + "updated": "2021-11-04T08:22:00.239Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 110, + "fields": { + "product": 1, + "control": 73, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 111, + "fields": { + "product": 1, + "control": 74, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 112, + "fields": { + "product": 1, + "control": 75, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 113, + "fields": { + "product": 1, + "control": 76, + "pass_fail": false, + "enabled": true, + "created": 
"2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 114, + "fields": { + "product": 1, + "control": 77, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 115, + "fields": { + "product": 1, + "control": 78, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 116, + "fields": { + "product": 1, + "control": 79, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 117, + "fields": { + "product": 1, + "control": 80, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 118, + "fields": { + "product": 1, + "control": 81, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 119, + "fields": { + "product": 1, + "control": 82, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 120, + "fields": { + "product": 1, + "control": 83, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 121, + "fields": { + "product": 1, + "control": 84, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + 
"updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 122, + "fields": { + "product": 1, + "control": 53, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 123, + "fields": { + "product": 1, + "control": 54, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 124, + "fields": { + "product": 1, + "control": 55, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 125, + "fields": { + "product": 1, + "control": 56, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 126, + "fields": { + "product": 1, + "control": 57, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 127, + "fields": { + "product": 1, + "control": 58, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 128, + "fields": { + "product": 1, + "control": 59, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 129, + "fields": { + "product": 1, + "control": 60, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", 
+ "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 130, + "fields": { + "product": 1, + "control": 61, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.240Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 131, + "fields": { + "product": 1, + "control": 62, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.240Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 132, + "fields": { + "product": 1, + "control": 63, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 133, + "fields": { + "product": 1, + "control": 64, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 134, + "fields": { + "product": 1, + "control": 42, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 135, + "fields": { + "product": 1, + "control": 43, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 136, + "fields": { + "product": 1, + "control": 44, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 137, + "fields": { + "product": 1, + "control": 45, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": 
"dojo.benchmark_product", + "pk": 138, + "fields": { + "product": 1, + "control": 46, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 139, + "fields": { + "product": 1, + "control": 47, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 140, + "fields": { + "product": 1, + "control": 48, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 141, + "fields": { + "product": 1, + "control": 49, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 142, + "fields": { + "product": 1, + "control": 50, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 143, + "fields": { + "product": 1, + "control": 51, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 144, + "fields": { + "product": 1, + "control": 52, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 145, + "fields": { + "product": 1, + "control": 5, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 146, + 
"fields": { + "product": 1, + "control": 6, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 147, + "fields": { + "product": 1, + "control": 7, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 148, + "fields": { + "product": 1, + "control": 8, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 149, + "fields": { + "product": 1, + "control": 9, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 150, + "fields": { + "product": 1, + "control": 11, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 151, + "fields": { + "product": 1, + "control": 12, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 152, + "fields": { + "product": 1, + "control": 13, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.241Z", + "updated": "2021-11-04T08:22:00.241Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 153, + "fields": { + "product": 1, + "control": 14, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 154, + "fields": { + "product": 1, + "control": 
15, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 155, + "fields": { + "product": 1, + "control": 16, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 156, + "fields": { + "product": 1, + "control": 17, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 157, + "fields": { + "product": 1, + "control": 4, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 158, + "fields": { + "product": 1, + "control": 18, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 159, + "fields": { + "product": 1, + "control": 19, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 160, + "fields": { + "product": 1, + "control": 20, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 161, + "fields": { + "product": 1, + "control": 21, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 162, + "fields": { + "product": 1, + "control": 22, + "pass_fail": false, + "enabled": 
true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 163, + "fields": { + "product": 1, + "control": 23, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 164, + "fields": { + "product": 1, + "control": 24, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 165, + "fields": { + "product": 1, + "control": 25, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 166, + "fields": { + "product": 1, + "control": 26, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 167, + "fields": { + "product": 1, + "control": 27, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 168, + "fields": { + "product": 1, + "control": 28, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 169, + "fields": { + "product": 1, + "control": 29, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 170, + "fields": { + "product": 1, + "control": 30, + "pass_fail": false, + "enabled": true, + "created": 
"2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 171, + "fields": { + "product": 1, + "control": 31, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 172, + "fields": { + "product": 1, + "control": 32, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 173, + "fields": { + "product": 1, + "control": 33, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.242Z", + "updated": "2021-11-04T08:22:00.242Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 174, + "fields": { + "product": 1, + "control": 34, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 175, + "fields": { + "product": 1, + "control": 35, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 176, + "fields": { + "product": 1, + "control": 36, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 177, + "fields": { + "product": 1, + "control": 37, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 178, + "fields": { + "product": 1, + "control": 38, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + 
"updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 179, + "fields": { + "product": 1, + "control": 39, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 180, + "fields": { + "product": 1, + "control": 40, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 181, + "fields": { + "product": 1, + "control": 41, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 182, + "fields": { + "product": 1, + "control": 1, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 183, + "fields": { + "product": 1, + "control": 2, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 184, + "fields": { + "product": 1, + "control": 3, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 185, + "fields": { + "product": 1, + "control": 85, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 186, + "fields": { + "product": 1, + "control": 86, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + 
"notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 187, + "fields": { + "product": 1, + "control": 87, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 188, + "fields": { + "product": 1, + "control": 88, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 189, + "fields": { + "product": 1, + "control": 89, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 190, + "fields": { + "product": 1, + "control": 90, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product", + "pk": 191, + "fields": { + "product": 1, + "control": 91, + "pass_fail": false, + "enabled": true, + "created": "2021-11-04T08:22:00.243Z", + "updated": "2021-11-04T08:22:00.243Z", + "notes": [] + } +}, +{ + "model": "dojo.benchmark_product_summary", + "pk": 1, + "fields": { + "product": 1, + "benchmark_type": 1, + "desired_level": "Level 1", + "current_level": "None", + "asvs_level_1_benchmark": 83, + "asvs_level_1_score": 6, + "asvs_level_2_benchmark": 73, + "asvs_level_2_score": 0, + "asvs_level_3_benchmark": 35, + "asvs_level_3_score": 0, + "publish": false, + "created": "2021-11-04T08:22:00.291Z", + "updated": "2021-11-04T08:22:00.291Z" + } +}, +{ + "model": "dojo.question", + "pk": 3, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:16Z", + "modified": "2018-06-17T19:31:16Z", + "order": 1, + "optional": false, + "text": "What kind of infrastructure will you be using (cloud 
servers, load balancers, dedicated hardware, etc)?" + } +}, +{ + "model": "dojo.question", + "pk": 4, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:30Z", + "modified": "2018-06-17T19:31:30Z", + "order": 1, + "optional": false, + "text": "Will there be a staging/pre-prod environment?" + } +}, +{ + "model": "dojo.question", + "pk": 5, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:31:45Z", + "modified": "2018-06-17T19:31:45Z", + "order": 1, + "optional": false, + "text": "How many servers/regions will be used for production?" + } +}, +{ + "model": "dojo.question", + "pk": 6, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:52:57Z", + "modified": "2018-06-17T19:52:57Z", + "order": 1, + "optional": false, + "text": "What kind of OS and other software will these servers run?" + } +}, +{ + "model": "dojo.question", + "pk": 7, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:53:37Z", + "modified": "2018-06-17T19:53:37Z", + "order": 1, + "optional": false, + "text": "Where does the product live? (Public cloud, private cloud, dedicated, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 8, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:20Z", + "modified": "2018-06-17T19:54:20Z", + "order": 1, + "optional": false, + "text": "If public cloud, are regions and environments separated into different accounts? Who manages the accounts?" + } +}, +{ + "model": "dojo.question", + "pk": 9, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:34Z", + "modified": "2018-06-17T19:54:34Z", + "order": 1, + "optional": false, + "text": "How will your servers talk to one another, if at all?" 
+ } +}, +{ + "model": "dojo.question", + "pk": 10, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:54:48Z", + "modified": "2018-06-17T19:54:48Z", + "order": 1, + "optional": false, + "text": "How will you manage this infrastructure?" + } +}, +{ + "model": "dojo.question", + "pk": 11, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:55:00Z", + "modified": "2018-06-17T19:55:00Z", + "order": 1, + "optional": false, + "text": "What is your patching schedule?" + } +}, +{ + "model": "dojo.question", + "pk": 12, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:55:20Z", + "modified": "2018-06-17T19:55:20Z", + "order": 1, + "optional": false, + "text": "How will admin users (e.g., Ops) authenticate to the servers (LDAP based login, SSH Keys, local access)?" + } +}, +{ + "model": "dojo.question", + "pk": 13, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:56:24Z", + "modified": "2018-06-17T19:56:24Z", + "order": 1, + "optional": false, + "text": "What components do you have as part of your product (Web UI, REST API, command line app, mobile app, etc.)?" + } +}, +{ + "model": "dojo.question", + "pk": 14, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:22Z", + "modified": "2018-06-17T19:57:22Z", + "order": 1, + "optional": false, + "text": "What access control limitations are in place?" + } +}, +{ + "model": "dojo.question", + "pk": 15, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:34Z", + "modified": "2018-06-17T19:57:34Z", + "order": 1, + "optional": false, + "text": "How is access control enforced? 
(IP whitelists, role-based access controls, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 16, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:57:55Z", + "modified": "2018-06-17T19:57:55Z", + "order": 1, + "optional": false, + "text": "What Identity roles (if any) are utilized by the app and how many people are estimated to be inside those groups?" + } +}, +{ + "model": "dojo.question", + "pk": 17, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T19:58:36Z", + "modified": "2018-06-17T19:58:36Z", + "order": 1, + "optional": false, + "text": "What is the criteria for being added to these groups? Are they audited and auto-purged?" + } +}, +{ + "model": "dojo.question", + "pk": 18, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:35Z", + "modified": "2018-06-17T20:00:35Z", + "order": 1, + "optional": false, + "text": "Are you logging all sensitive user actions, such as user registration, permission modification, login attempts, admin functions, etc.?" + } +}, +{ + "model": "dojo.question", + "pk": 19, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:46Z", + "modified": "2018-06-17T20:00:46Z", + "order": 1, + "optional": false, + "text": "What identifying information are you logging?" + } +}, +{ + "model": "dojo.question", + "pk": 20, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:00:58Z", + "modified": "2018-06-17T20:00:58Z", + "order": 1, + "optional": false, + "text": "Where are these logs stored?" 
+ } +}, +{ + "model": "dojo.question", + "pk": 21, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:18Z", + "modified": "2018-06-17T20:02:18Z", + "order": 1, + "optional": false, + "text": "How does an end user interact with the product? Do they visit it in their browser, use a proxy or a special CLI tool, log in through a terminal server, etc?" + } +}, +{ + "model": "dojo.question", + "pk": 22, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:32Z", + "modified": "2018-06-17T20:02:32Z", + "order": 1, + "optional": false, + "text": "How public-facing is this product? (customer tool, open source project, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 23, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:46Z", + "modified": "2018-06-17T20:02:46Z", + "order": 1, + "optional": false, + "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -> private cloud, public internet -> public cloud, etc." + } +}, +{ + "model": "dojo.question", + "pk": 24, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:02:57Z", + "modified": "2018-06-17T20:02:57Z", + "order": 1, + "optional": false, + "text": "What services/products does your product consume? What services/products consume it?" + } +}, +{ + "model": "dojo.question", + "pk": 25, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:04:46Z", + "modified": "2018-06-17T20:04:46Z", + "order": 1, + "optional": false, + "text": "What customer or corporate information does your product consume?" 
+ } +}, +{ + "model": "dojo.question", + "pk": 26, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:10Z", + "modified": "2018-06-17T20:05:10Z", + "order": 1, + "optional": false, + "text": "What information does the product store?" + } +}, +{ + "model": "dojo.question", + "pk": 27, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:22Z", + "modified": "2018-06-17T20:05:22Z", + "order": 1, + "optional": false, + "text": "Where, how, and for how long is it stored?" + } +}, +{ + "model": "dojo.question", + "pk": 28, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:32Z", + "modified": "2018-06-17T20:05:32Z", + "order": 1, + "optional": false, + "text": "Is encryption / hashing used where appropriate?" + } +}, +{ + "model": "dojo.question", + "pk": 29, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:43Z", + "modified": "2018-06-17T20:05:43Z", + "order": 1, + "optional": false, + "text": "Are you rolling your own identification system? If so, have you considered integrating with SSO instead?" + } +}, +{ + "model": "dojo.question", + "pk": 30, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:05:57Z", + "modified": "2018-06-17T20:05:57Z", + "order": 1, + "optional": false, + "text": "What information does the product send to the user?" + } +}, +{ + "model": "dojo.question", + "pk": 31, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:06:15Z", + "modified": "2018-06-17T20:06:15Z", + "order": 1, + "optional": false, + "text": "If you're managing passwords or keys across multiple servers/endpoints, where and how is that information stored?" 
+ } +}, +{ + "model": "dojo.question", + "pk": 32, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:08Z", + "modified": "2018-06-17T20:08:08Z", + "order": 1, + "optional": false, + "text": "What third party tools and libraries are you using? Please provide a package dump as well (apt, pip, bower, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 33, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:19Z", + "modified": "2018-06-17T20:08:19Z", + "order": 1, + "optional": false, + "text": "What ports should be open on each node, and what services do they expose?" + } +}, +{ + "model": "dojo.question", + "pk": 34, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:30Z", + "modified": "2018-06-17T20:08:30Z", + "order": 1, + "optional": false, + "text": "What service accounts are you utilizing, and what roles do they have?" + } +}, +{ + "model": "dojo.question", + "pk": 35, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:43Z", + "modified": "2018-06-17T20:08:43Z", + "order": 1, + "optional": false, + "text": "What DNS entries do you have set up? (Most importantly, public-facing systems)" + } +}, +{ + "model": "dojo.question", + "pk": 36, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:08:54Z", + "modified": "2018-06-17T20:08:54Z", + "order": 1, + "optional": false, + "text": "What type of monitoring are you doing? 
(IDS, cloud monitoring, custom log parsing script, etc.)" + } +}, +{ + "model": "dojo.question", + "pk": 37, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:15Z", + "modified": "2018-06-17T20:10:15Z", + "order": 1, + "optional": false, + "text": "List the IPs for all infrastructure utilized for the environment in question." + } +}, +{ + "model": "dojo.question", + "pk": 38, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:30Z", + "modified": "2018-06-17T20:10:30Z", + "order": 1, + "optional": false, + "text": "List of endpoints and documentation for any APIs created by your product." + } +}, +{ + "model": "dojo.question", + "pk": 39, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:42Z", + "modified": "2018-06-17T20:10:42Z", + "order": 1, + "optional": false, + "text": "Locations of any web UIs or other important URLs" + } +}, +{ + "model": "dojo.question", + "pk": 40, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:10:52Z", + "modified": "2018-06-17T20:10:52Z", + "order": 1, + "optional": false, + "text": "List of any service accounts or other access requests relevant to your product" + } +}, +{ + "model": "dojo.question", + "pk": 41, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:04Z", + "modified": "2018-06-17T20:11:04Z", + "order": 1, + "optional": false, + "text": "The contact information of QE who are testing the products." + } +}, +{ + "model": "dojo.question", + "pk": 42, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:17Z", + "modified": "2018-06-17T20:11:17Z", + "order": 1, + "optional": false, + "text": "The list of people that should be notified for our security testing." 
+ } +}, +{ + "model": "dojo.question", + "pk": 43, + "fields": { + "polymorphic_ctype": [ + "dojo", + "benchmark_category" + ], + "created": "2018-06-17T20:11:30Z", + "modified": "2018-06-17T20:11:30Z", + "order": 1, + "optional": false, + "text": "Any security testing that we should not run, and/or times when you would prefer we not test." + } +}, +{ + "model": "dojo.textquestion", + "pk": 3, + "fields": { + "question_ptr": 3 + } +}, +{ + "model": "dojo.textquestion", + "pk": 4, + "fields": { + "question_ptr": 4 + } +}, +{ + "model": "dojo.textquestion", + "pk": 5, + "fields": { + "question_ptr": 5 + } +}, +{ + "model": "dojo.textquestion", + "pk": 6, + "fields": { + "question_ptr": 6 + } +}, +{ + "model": "dojo.textquestion", + "pk": 7, + "fields": { + "question_ptr": 7 + } +}, +{ + "model": "dojo.textquestion", + "pk": 8, + "fields": { + "question_ptr": 8 + } +}, +{ + "model": "dojo.textquestion", + "pk": 9, + "fields": { + "question_ptr": 9 + } }, { - "model": "dojo.language_type", - "pk": 103, - "fields": { - "language": "LESS", - "color": "#D2691E" - } + "model": "dojo.textquestion", + "pk": 10, + "fields": { + "question_ptr": 10 + } }, { - "model": "dojo.language_type", - "pk": 104, - "fields": { - "language": "lex", - "color": "#CD853F" - } + "model": "dojo.textquestion", + "pk": 11, + "fields": { + "question_ptr": 11 + } }, { - "model": "dojo.language_type", - "pk": 105, - "fields": { - "language": "LFE", - "color": "#DAA520" - } + "model": "dojo.textquestion", + "pk": 12, + "fields": { + "question_ptr": 12 + } }, { - "model": "dojo.language_type", - "pk": 106, - "fields": { - "language": "liquid", - "color": "#F4A460" - } + "model": "dojo.textquestion", + "pk": 13, + "fields": { + "question_ptr": 13 + } }, { - "model": "dojo.language_type", - "pk": 107, - "fields": { - "language": "Lisp", - "color": "#BC8F8F" - } + "model": "dojo.textquestion", + "pk": 14, + "fields": { + "question_ptr": 14 + } }, { - "model": "dojo.language_type", - "pk": 108, - 
"fields": { - "language": "Literate Idris", - "color": "#D2B48C" - } + "model": "dojo.textquestion", + "pk": 15, + "fields": { + "question_ptr": 15 + } }, { - "model": "dojo.language_type", - "pk": 109, - "fields": { - "language": "LiveLink OScript", - "color": "#DEB887" - } + "model": "dojo.textquestion", + "pk": 16, + "fields": { + "question_ptr": 16 + } }, { - "model": "dojo.language_type", - "pk": 110, - "fields": { - "language": "Logtalk", - "color": "#F5DEB3" - } + "model": "dojo.textquestion", + "pk": 17, + "fields": { + "question_ptr": 17 + } }, { - "model": "dojo.language_type", - "pk": 111, - "fields": { - "language": "Lua", - "color": "#FFDEAD" - } + "model": "dojo.textquestion", + "pk": 18, + "fields": { + "question_ptr": 18 + } }, { - "model": "dojo.language_type", - "pk": 112, - "fields": { - "language": "m4", - "color": "#FFE4C4" - } + "model": "dojo.textquestion", + "pk": 19, + "fields": { + "question_ptr": 19 + } }, { - "model": "dojo.language_type", - "pk": 113, - "fields": { - "language": "make", - "color": "#FFEBCD" - } + "model": "dojo.textquestion", + "pk": 20, + "fields": { + "question_ptr": 20 + } }, { - "model": "dojo.language_type", - "pk": 114, - "fields": { - "language": "Mako", - "color": "#FFF8DC" - } + "model": "dojo.textquestion", + "pk": 21, + "fields": { + "question_ptr": 21 + } }, { - "model": "dojo.language_type", - "pk": 115, - "fields": { - "language": "Markdown", - "color": "#2F4F4F" - } + "model": "dojo.textquestion", + "pk": 22, + "fields": { + "question_ptr": 22 + } }, { - "model": "dojo.language_type", - "pk": 116, - "fields": { - "language": "Mathematica", - "color": "#708090" - } + "model": "dojo.textquestion", + "pk": 23, + "fields": { + "question_ptr": 23 + } }, { - "model": "dojo.language_type", - "pk": 117, - "fields": { - "language": "MATLAB", - "color": "#778899" - } + "model": "dojo.textquestion", + "pk": 24, + "fields": { + "question_ptr": 24 + } }, { - "model": "dojo.language_type", - "pk": 118, - "fields": { - 
"language": "Maven", - "color": "#696969" - } + "model": "dojo.textquestion", + "pk": 25, + "fields": { + "question_ptr": 25 + } }, { - "model": "dojo.language_type", - "pk": 119, - "fields": { - "language": "Modula3", - "color": "#808080" - } + "model": "dojo.textquestion", + "pk": 26, + "fields": { + "question_ptr": 26 + } }, { - "model": "dojo.language_type", - "pk": 120, - "fields": { - "language": "MSBuild script", - "color": "#A9A9A9" - } + "model": "dojo.textquestion", + "pk": 27, + "fields": { + "question_ptr": 27 + } }, { - "model": "dojo.language_type", - "pk": 121, - "fields": { - "language": "MUMPS", - "color": "#FFE4E1" - } + "model": "dojo.textquestion", + "pk": 28, + "fields": { + "question_ptr": 28 + } }, { - "model": "dojo.language_type", - "pk": 122, - "fields": { - "language": "Mustache", - "color": "#FFF0F5" - } + "model": "dojo.textquestion", + "pk": 29, + "fields": { + "question_ptr": 29 + } }, { - "model": "dojo.language_type", - "pk": 123, - "fields": { - "language": "MXML", - "color": "#FAEBD7" - } + "model": "dojo.textquestion", + "pk": 30, + "fields": { + "question_ptr": 30 + } }, { - "model": "dojo.language_type", - "pk": 124, - "fields": { - "language": "NAnt script", - "color": "#FFFFF0" - } + "model": "dojo.textquestion", + "pk": 31, + "fields": { + "question_ptr": 31 + } }, { - "model": "dojo.language_type", - "pk": 125, - "fields": { - "language": "NASTRAN DMAP", - "color": "#FFFAF0" - } + "model": "dojo.textquestion", + "pk": 32, + "fields": { + "question_ptr": 32 + } }, { - "model": "dojo.language_type", - "pk": 126, - "fields": { - "language": "Nemerle", - "color": "#FDF5E6" - } + "model": "dojo.textquestion", + "pk": 33, + "fields": { + "question_ptr": 33 + } }, { - "model": "dojo.language_type", - "pk": 127, - "fields": { - "language": "Nim", - "color": "#F5F5DC" - } + "model": "dojo.textquestion", + "pk": 34, + "fields": { + "question_ptr": 34 + } }, { - "model": "dojo.language_type", - "pk": 128, - "fields": { - "language": 
"Objective C", - "color": "#cc00cc" - } + "model": "dojo.textquestion", + "pk": 35, + "fields": { + "question_ptr": 35 + } }, { - "model": "dojo.language_type", - "pk": 129, - "fields": { - "language": "Objective C++", - "color": "#ff9966" - } -}, -{ - "model": "dojo.language_type", - "pk": 130, - "fields": { - "language": "OCaml", - "color": "#F8F8FF" - } -}, -{ - "model": "dojo.language_type", - "pk": 131, - "fields": { - "language": "OpenCL", - "color": "#F0F8FF" - } -}, -{ - "model": "dojo.language_type", - "pk": 132, - "fields": { - "language": "Oracle Forms", - "color": "#F0FFFF" - } -}, -{ - "model": "dojo.language_type", - "pk": 133, - "fields": { - "language": "Oracle PL/SQL", - "color": "#F5FFFA" - } -}, -{ - "model": "dojo.language_type", - "pk": 134, - "fields": { - "language": "Oracle Reports", - "color": "#F0FFF0" - } -}, -{ - "model": "dojo.language_type", - "pk": 135, - "fields": { - "language": "Pascal", - "color": "#FFFAFA" - } -}, -{ - "model": "dojo.language_type", - "pk": 136, - "fields": { - "language": "Pascal/Puppet", - "color": "#C71585" - } -}, -{ - "model": "dojo.language_type", - "pk": 137, - "fields": { - "language": "Patran Command Language", - "color": "#DB7093" - } -}, -{ - "model": "dojo.language_type", - "pk": 138, - "fields": { - "language": "Perl", - "color": "#FF1493" - } -}, -{ - "model": "dojo.language_type", - "pk": 139, - "fields": { - "language": "PHP", - "color": "#FF69B4" - } -}, -{ - "model": "dojo.language_type", - "pk": 140, - "fields": { - "language": "PHP/Pascal", - "color": "#FFB6C1" - } -}, -{ - "model": "dojo.language_type", - "pk": 141, - "fields": { - "language": "PL/I", - "color": "#FFC0CB" - } -}, -{ - "model": "dojo.language_type", - "pk": 143, - "fields": { - "language": "PL/M", - "color": "#4B0082" - } -}, -{ - "model": "dojo.language_type", - "pk": 144, - "fields": { - "language": "PowerBuilder", - "color": "#800080" - } -}, -{ - "model": "dojo.language_type", - "pk": 145, - "fields": { - "language": 
"PowerShell", - "color": "#8B008B" - } -}, -{ - "model": "dojo.language_type", - "pk": 146, - "fields": { - "language": "ProGuard", - "color": "#9932CC" - } -}, -{ - "model": "dojo.language_type", - "pk": 147, - "fields": { - "language": "Prolog", - "color": "#9400D3" - } -}, -{ - "model": "dojo.language_type", - "pk": 148, - "fields": { - "language": "Protocol Buffers", - "color": "#8A2BE2" - } -}, -{ - "model": "dojo.language_type", - "pk": 149, - "fields": { - "language": "Pug", - "color": "#9370DB" - } -}, -{ - "model": "dojo.language_type", - "pk": 150, - "fields": { - "language": "PureScript", - "color": "#BA55D3" - } -}, -{ - "model": "dojo.language_type", - "pk": 151, - "fields": { - "language": "QML", - "color": "#FF00FF" - } -}, -{ - "model": "dojo.language_type", - "pk": 152, - "fields": { - "language": "Qt", - "color": "#FF00FF" - } -}, -{ - "model": "dojo.language_type", - "pk": 153, - "fields": { - "language": "Qt Linguist", - "color": "#DA70D6" - } -}, -{ - "model": "dojo.language_type", - "pk": 154, - "fields": { - "language": "Qt Project", - "color": "#EE82EE" - } -}, -{ - "model": "dojo.language_type", - "pk": 155, - "fields": { - "language": "R", - "color": "#DDA0DD" - } -}, -{ - "model": "dojo.language_type", - "pk": 156, - "fields": { - "language": "Racket", - "color": "#D8BFD8" - } -}, -{ - "model": "dojo.language_type", - "pk": 157, - "fields": { - "language": "RAML", - "color": "#E6E6FA" - } -}, -{ - "model": "dojo.language_type", - "pk": 158, - "fields": { - "language": "RapydScript", - "color": "#483D8B" - } -}, -{ - "model": "dojo.language_type", - "pk": 159, - "fields": { - "language": "Razor", - "color": "#6A5ACD" - } -}, -{ - "model": "dojo.language_type", - "pk": 160, - "fields": { - "language": "Rexx", - "color": "#7B68EE" - } -}, -{ - "model": "dojo.language_type", - "pk": 161, - "fields": { - "language": "RobotFramework", - "color": "#191970" - } -}, -{ - "model": "dojo.language_type", - "pk": 162, - "fields": { - "language": 
"Ruby", - "color": "#000080" - } -}, -{ - "model": "dojo.language_type", - "pk": 163, - "fields": { - "language": "Ruby HTML", - "color": "#00008B" - } -}, -{ - "model": "dojo.language_type", - "pk": 164, - "fields": { - "language": "Rust", - "color": "#0000CD" - } -}, -{ - "model": "dojo.language_type", - "pk": 165, - "fields": { - "language": "SAS", - "color": "#0000FF" - } -}, -{ - "model": "dojo.language_type", - "pk": 166, - "fields": { - "language": "Sass", - "color": "#4169E1" - } -}, -{ - "model": "dojo.language_type", - "pk": 167, - "fields": { - "language": "Scala", - "color": "#4682B4" - } -}, -{ - "model": "dojo.language_type", - "pk": 168, - "fields": { - "language": "Scheme", - "color": "#6495ED" - } -}, -{ - "model": "dojo.language_type", - "pk": 169, - "fields": { - "language": "sed", - "color": "#1E90FF" - } -}, -{ - "model": "dojo.language_type", - "pk": 170, - "fields": { - "language": "SKILL", - "color": "#B0C4DE" - } -}, -{ - "model": "dojo.language_type", - "pk": 171, - "fields": { - "language": "SKILL++", - "color": "#00BFFF" - } -}, -{ - "model": "dojo.language_type", - "pk": 172, - "fields": { - "language": "Skylark", - "color": "#87CEEB" - } -}, -{ - "model": "dojo.language_type", - "pk": 173, - "fields": { - "language": "Slice", - "color": "#87CEFA" - } -}, -{ - "model": "dojo.language_type", - "pk": 174, - "fields": { - "language": "Slim", - "color": "#ADD8E6" - } -}, -{ - "model": "dojo.language_type", - "pk": 175, - "fields": { - "language": "Smalltalk", - "color": "#B0E0E6" - } -}, -{ - "model": "dojo.language_type", - "pk": 176, - "fields": { - "language": "Smarty", - "color": "#008080" - } -}, -{ - "model": "dojo.language_type", - "pk": 177, - "fields": { - "language": "Softbridge Basic", - "color": "#008B8B" - } -}, -{ - "model": "dojo.language_type", - "pk": 179, - "fields": { - "language": "Solidity", - "color": "#5F9EA0" - } -}, -{ - "model": "dojo.language_type", - "pk": 180, - "fields": { - "language": "Specman e", - "color": 
"#20B2AA" - } -}, -{ - "model": "dojo.language_type", - "pk": 181, - "fields": { - "language": "SQL", - "color": "#00CED1" - } -}, -{ - "model": "dojo.language_type", - "pk": 182, - "fields": { - "language": "SQL Data", - "color": "#48D1CC" - } -}, -{ - "model": "dojo.language_type", - "pk": 183, - "fields": { - "language": "SQL Stored Procedure", - "color": "#40E0D0" - } -}, -{ - "model": "dojo.language_type", - "pk": 184, - "fields": { - "language": "Standard ML", - "color": "#AFEEEE" - } -}, -{ - "model": "dojo.language_type", - "pk": 185, - "fields": { - "language": "Stata", - "color": "#66CDAA" - } -}, -{ - "model": "dojo.language_type", - "pk": 186, - "fields": { - "language": "Stylus", - "color": "#7FFFD4" - } -}, -{ - "model": "dojo.language_type", - "pk": 187, - "fields": { - "language": "Swift", - "color": "#00FFFF" - } -}, -{ - "model": "dojo.language_type", - "pk": 188, - "fields": { - "language": "SWIG", - "color": "#00FFFF" - } -}, -{ - "model": "dojo.language_type", - "pk": 189, - "fields": { - "language": "Tcl/Tk", - "color": "#E0FFFF" - } -}, -{ - "model": "dojo.language_type", - "pk": 190, - "fields": { - "language": "Teamcenter met", - "color": "#6B8E23" - } -}, -{ - "model": "dojo.language_type", - "pk": 191, - "fields": { - "language": "Teamcenter mth", - "color": "#556B2F" - } -}, -{ - "model": "dojo.language_type", - "pk": 192, - "fields": { - "language": "TeX", - "color": "#808000" - } -}, -{ - "model": "dojo.language_type", - "pk": 193, - "fields": { - "language": "TITAN Project File Information", - "color": "#2E8B57" - } -}, -{ - "model": "dojo.language_type", - "pk": 194, - "fields": { - "language": "Titanium Style Sheet", - "color": "#3CB371" - } -}, -{ - "model": "dojo.language_type", - "pk": 195, - "fields": { - "language": "TOML", - "color": "#8FBC8F" - } -}, -{ - "model": "dojo.language_type", - "pk": 196, - "fields": { - "language": "TTCN", - "color": "#00FA9A" - } -}, -{ - "model": "dojo.language_type", - "pk": 197, - "fields": { - 
"language": "Twig", - "color": "#006400" - } -}, -{ - "model": "dojo.language_type", - "pk": 198, - "fields": { - "language": "TypeScript", - "color": "#228B22" - } -}, -{ - "model": "dojo.language_type", - "pk": 199, - "fields": { - "language": "Unity-Prefab", - "color": "#00FF00" - } -}, -{ - "model": "dojo.language_type", - "pk": 200, - "fields": { - "language": "Vala", - "color": "#32CD32" - } -}, -{ - "model": "dojo.language_type", - "pk": 201, - "fields": { - "language": "Vala Header", - "color": "#FFFF00" - } -}, -{ - "model": "dojo.language_type", - "pk": 202, - "fields": { - "language": "Velocity Template Language", - "color": "#BDB76B" - } -}, -{ - "model": "dojo.language_type", - "pk": 203, - "fields": { - "language": "Verilog-SystemVerilog", - "color": "#F0E68C" - } -}, -{ - "model": "dojo.language_type", - "pk": 204, - "fields": { - "language": "VHDL", - "color": "#EEE8AA" - } -}, -{ - "model": "dojo.language_type", - "pk": 205, - "fields": { - "language": "vim script", - "color": "#FFDAB9" - } -}, -{ - "model": "dojo.language_type", - "pk": 206, - "fields": { - "language": "Visual Basic", - "color": "#FFE4B5" - } -}, -{ - "model": "dojo.language_type", - "pk": 207, - "fields": { - "language": "Visual Fox Pro", - "color": "#FFEFD5" - } -}, -{ - "model": "dojo.language_type", - "pk": 208, - "fields": { - "language": "Visualforce Component", - "color": "#FAFAD2" - } -}, -{ - "model": "dojo.language_type", - "pk": 209, - "fields": { - "language": "Visualforce Page", - "color": "#FFFACD" - } -}, -{ - "model": "dojo.language_type", - "pk": 210, - "fields": { - "language": "Vuejs Component", - "color": "#FFFFE0" - } -}, -{ - "model": "dojo.language_type", - "pk": 211, - "fields": { - "language": "Windows Message File", - "color": "#FF8C00" - } -}, -{ - "model": "dojo.language_type", - "pk": 212, - "fields": { - "language": "Windows Module Definition", - "color": "#FFA500" - } -}, -{ - "model": "dojo.language_type", - "pk": 213, - "fields": { - "language": 
"Windows Resource File", - "color": "#FFD700" - } -}, -{ - "model": "dojo.language_type", - "pk": 214, - "fields": { - "language": "WiX include", - "color": "#FF4500" - } -}, -{ - "model": "dojo.language_type", - "pk": 215, - "fields": { - "language": "WiX source", - "color": "#FF6347" - } -}, -{ - "model": "dojo.language_type", - "pk": 216, - "fields": { - "language": "WiX string localization", - "color": "#FF7F50" - } -}, -{ - "model": "dojo.language_type", - "pk": 217, - "fields": { - "language": "XAML", - "color": "#8B0000" - } -}, -{ - "model": "dojo.language_type", - "pk": 218, - "fields": { - "language": "xBase", - "color": "#FF0000" - } -}, -{ - "model": "dojo.language_type", - "pk": 219, - "fields": { - "language": "xBase Header", - "color": "#B22222" - } -}, -{ - "model": "dojo.language_type", - "pk": 220, - "fields": { - "language": "XHTML", - "color": "#DC143C" - } -}, -{ - "model": "dojo.language_type", - "pk": 221, - "fields": { - "language": "XMI", - "color": "#CD5C5C" - } -}, -{ - "model": "dojo.language_type", - "pk": 222, - "fields": { - "language": "XML", - "color": "#F08080" - } -}, -{ - "model": "dojo.language_type", - "pk": 223, - "fields": { - "language": "XQuery", - "color": "#E9967A" - } -}, -{ - "model": "dojo.language_type", - "pk": 224, - "fields": { - "language": "XSD", - "color": "#FA8072" - } -}, -{ - "model": "dojo.language_type", - "pk": 225, - "fields": { - "language": "XSLT", - "color": "#FFA07A" - } -}, -{ - "model": "dojo.language_type", - "pk": 226, - "fields": { - "language": "yacc", - "color": "#f0ffff" - } -}, -{ - "model": "dojo.language_type", - "pk": 227, - "fields": { - "language": "YAML", - "color": "#c1cdcd" - } -}, -{ - "model": "dojo.language_type", - "pk": 228, - "fields": { - "language": "zsh", - "color": "#8b7d6b" - } -}, -{ - "model": "dojo.languages", - "pk": 1, - "fields": { - "language": 90, - "product": 1, - "user": 1, - "files": 500, - "blank": 100, - "comment": 199, - "code": 15000, - "created": 
"2021-11-04T09:00:09.802Z" - } -}, -{ - "model": "dojo.languages", - "pk": 2, - "fields": { - "language": 2, - "product": 1, - "user": 1, - "files": 1, - "blank": 2, - "comment": 2, - "code": 200, - "created": "2021-11-04T09:01:32.568Z" - } -}, -{ - "model": "dojo.languages", - "pk": 3, - "fields": { - "language": 91, - "product": 1, - "user": 1, - "files": 15, - "blank": 9, - "comment": 10, - "code": 800, - "created": "2021-11-04T09:01:32.581Z" - } -}, -{ - "model": "dojo.languages", - "pk": 4, - "fields": { - "language": 222, - "product": 1, - "user": 1, - "files": 10, - "blank": 1, - "comment": 8, - "code": 200, - "created": "2021-11-04T09:13:05.769Z" - } -}, -{ - "model": "dojo.app_analysis", - "pk": 1, - "fields": { - "product": 1, - "name": "Tomcat", - "user": 1, - "confidence": 100, - "version": "8.5.1", - "icon": null, - "website": null, - "website_found": null, - "created": "2021-11-04T09:20:33.477Z", - "tags": [] - } -}, -{ - "model": "dojo.objects_review", - "pk": 1, - "fields": { - "name": "Untracked", - "created": "2021-06-04T07:43:45.626Z" - } -}, -{ - "model": "dojo.objects_review", - "pk": 2, - "fields": { - "name": "Manual Code Review Required", - "created": "2021-06-05T06:44:08.110Z" - } -}, -{ - "model": "dojo.objects_review", - "pk": 3, - "fields": { - "name": "Manual Code Review and Create Test", - "created": "2021-06-08T13:12:41.078Z" - } -}, -{ - "model": "dojo.benchmark_type", - "pk": 1, - "fields": { - "name": "OWASP ASVS", - "version": "v. 
3.1", - "benchmark_source": "OWASP ASVS", - "created": "2021-06-22T12:28:05.635Z", - "updated": "2021-06-22T12:32:16.088Z", - "enabled": true - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 1, - "fields": { - "type": 1, - "name": "V7: Cryptography Verification Requirements", - "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That all cryptographic modules fail in a secure manner and that errors are handled correctly.\r\n* That a suitable random number generator is used when randomness is required.\r\n* That access to keys is managed in a secure way.", - "references": "* [OWASP Testing Guide 4.0: Testing for weak Cryptography](https://www.owasp.org/index.php/Testing_for_weak_Cryptography)\r\n* [OWASP Cheat Sheet: Cryptographic Storage](https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet)", - "enabled": true, - "created": "2021-06-22T12:32:50.575Z", - "updated": "2021-06-22T12:32:50.575Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 2, - "fields": { - "type": 1, - "name": "V2: Authentication Verification Requirements", - "objective": "Authentication is the act of establishing, or confirming, something (or someone) as authentic, that is, that claims made by or about the thing are true. Ensure that a verified application satisfies the following high level requirements:\r\n\r\nVerifies the digital identity of the sender of a communication. 
Ensures that only those authorised are able to authenticate and credentials are transported in a secure manner.", - "references": "* https://www.owasp.org/index.php/Testing_for_authentication\r\n* https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Choosing_and_Using_Security_Questions_Cheat_Sheet", - "enabled": true, - "created": "2021-06-28T12:34:11.372Z", - "updated": "2021-06-28T12:34:11.372Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 3, - "fields": { - "type": 1, - "name": "V1: Architecture, Design and Threat Modeling Requirements", - "objective": "In a perfect world, security would be considered throughout all phases of development. In reality however, security is often only a consideration at a late stage in the SDLC. Besides the technical controls, the ASVS requires processes to be in place that ensure that the security has been explicitly addressed when planning the architecture of the application or API, and that the functional and security roles of all components are known. Since single page applications and act as clients to remote API or services, it must be ensured that appropriate security standards are also applied to those services - testing the app in isolation is not sufficient.\r\n\r\nThe category lists requirements pertaining to architecture and design of the app. As such, this is the only category that does not map to technical test cases in the OWASP Testing Guide. 
To cover topics such as threat modelling, secure SDLC, key management, users of the ASVS should consult the respective OWASP projects and/or other standards such as the ones linked below.", - "references": "* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Security_Architecture_Cheat_Sheet\r\n* https://www.owasp.org/index.php/Application_Threat_Modeling\r\n* https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet\r\n* https://www.microsoft.com/en-us/sdl/\r\n* http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf", - "enabled": true, - "created": "2021-06-29T09:43:01.380Z", - "updated": "2021-06-29T09:43:01.380Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 4, - "fields": { - "type": 1, - "name": "V3: Session Management Verification Requirements", - "objective": "One of the core components of any web-based application is the mechanism by which it controls and maintains the state for a user interacting with it. 
This is referred to this as Session Management and is defined as the set of all controls governing state-full interaction between a user and the web-based application.\r\n\r\nEnsure that a verified application satisfies the following high level session management requirements:\r\n\r\n* Sessions are unique to each individual and cannot be guessed or shared\r\n* Sessions are invalidated when no longer required and timed out during periods of inactivity.", - "references": "* https://www.owasp.org/index.php/Testing_for_Session_Management\r\n* https://www.owasp.org/index.php/Session_Management_Cheat_Sheet", - "enabled": true, - "created": "2021-06-29T09:46:43.544Z", - "updated": "2021-06-29T09:46:43.544Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 5, - "fields": { - "type": 1, - "name": "V4: Access Control Verification Requirements", - "objective": "Authorization is the concept of allowing access to resources only to those permitted to use them. Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Persons accessing resources holds valid credentials to do so.\r\n* Users are associated with a well-defined set of roles and privileges.\r\n* Role and permission metadata is protected from replay or tampering.", - "references": "* [OWASP Testing Guide 4.0: Authorization](https://www.owasp.org/index.php/Testing_for_Authorization)\r\n* [OWASP Cheat Sheet: Access Control](https://www.owasp.org/index.php/Access_Control_Cheat_Sheet)", - "enabled": true, - "created": "2021-06-29T11:08:56.925Z", - "updated": "2021-06-29T11:08:56.925Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 6, - "fields": { - "type": 1, - "name": "V5: Input Validation and Output Encoding Verification Requirements", - "objective": "The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. 
This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.\r\n\r\nEnsure that a verified application satisfies the following high level requirements:\r\n\r\n* All input is validated to be correct and fit for the intended purpose.\r\n* Data from an external entity or client should never be trusted and should be handled accordingly.", - "references": "* [OWASP Testing Guide 4.0: Input Validation Testing](https://www.owasp.org/index.php/Testing_for_Input_Validation)\r\n* [OWASP Cheat Sheet: Input Validation](https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Testing for HTTP Parameter Pollution](https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OTG-INPVAL-004%29)\r\n* [OWASP LDAP Injection Cheat Sheet ](https://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet)\r\n* [OWASP Testing Guide 4.0: Client Side Testing ](https://www.owasp.org/index.php/Client_Side_Testing)\r\n* [OWASP Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet)\r\n* [OWASP DOM Based Cross Site Scripting Prevention Cheat Sheet ](https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet)\r\n* [OWASP Java Encoding Project](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project)\r\n\r\nFor more information on auto-escaping, please see:\r\n\r\n* [Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems](http://googleonlinesecurity.blogspot.com/2009/03/reducing-xss-by-way-of-automatic.html)\r\n* [AngularJS Strict Contextual Escaping](https://docs.angularjs.org/api/ng/service/$sce)\r\n* [ReactJS Escaping](https://reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks)\r\n* [Improperly Controlled Modification of Dynamically-Determined Object 
Attributes](https://cwe.mitre.org/data/definitions/915.html)", - "enabled": true, - "created": "2021-06-29T11:18:52.073Z", - "updated": "2021-06-29T11:18:52.073Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 7, - "fields": { - "type": 1, - "name": "V8: Error Handling and Logging Verification Requirements", - "objective": "The primary objective of error handling and logging is to provide a useful reaction by the user, administrators, and incident response teams. The objective is not to create massive amounts of logs, but high quality logs, with more signal than discarded noise.\r\n\r\nHigh quality logs will often contain sensitive data, and must be protected as per local data privacy laws or directives. This should include:\r\n\r\n* Not collecting or logging sensitive information if not specifically required.\r\n* Ensuring all logged information is handled securely and protected as per its data classification.\r\n* Ensuring that logs are not forever, but have an absolute lifetime that is as short as possible.\r\n\r\nIf logs contain private or sensitive data, the definition of which varies from country to country, the logs become some of the most sensitive information held by the application and thus very attractive to attackers in their own right.", - "references": "* [OWASP Testing Guide 4.0 content: Testing for Error Handling](https://www.owasp.org/index.php/Testing_for_Error_Handling)", - "enabled": true, - "created": "2021-06-29T11:35:35.432Z", - "updated": "2021-06-29T11:35:35.432Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 8, - "fields": { - "type": 1, - "name": "V9: Data Protection Verification Requirements", - "objective": "There are three key elements to sound data protection: Confidentiality, Integrity and Availability (CIA). 
This standard assumes that data protection is enforced on a trusted system, such as a server, which has been hardened and has sufficient protections.\r\n\r\nApplications have to assume that all user devices are compromised in some way. Where an application transmits or stores sensitive information on insecure devices, such as shared computers, phones and tablets, the application is responsible for ensuring data stored on these devices is encrypted and cannot be easily illicitly obtained, altered or disclosed.\r\n\r\nEnsure that a verified application satisfies the following high level data protection requirements:\r\n\r\n*\tConfidentiality: Data should be protected from unauthorised observation or disclosure both in transit and when stored.\r\n*\tIntegrity: Data should be protected being maliciously created, altered or deleted by unauthorized attackers.\r\n*\tAvailability: Data should be available to authorized users as required", - "references": "* [Consider using Security Headers website to check security and anti-caching headers](https://securityheaders.io)\r\n* [OWASP Secure Headers project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)\r\n* [User Privacy Protection Cheat Sheet](https://www.owasp.org/index.php/User_Privacy_Protection_Cheat_Sheet)", - "enabled": true, - "created": "2021-06-29T12:24:47.748Z", - "updated": "2021-06-29T12:24:47.748Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 9, - "fields": { - "type": 1, - "name": "V10: Communications Verification Requirements", - "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* That TLS is used where sensitive data is transmitted.\r\n* That strong algorithms and ciphers are used at all times.", - "references": "* [OWASP TLS Cheat Sheet. ](https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet)\r\n* [Notes on Approved modes of TLS. 
In the past, the ASVS referred to the US standard FIPS 140-2, but as a global standard, applying US standards this can be difficult, contradictory, or confusing to apply. A better method of achieving compliance with 10.8 would be to review guides such as (https://wiki.mozilla.org/Security/Server_Side_TLS), generate known good configurations (https://mozilla.github.io/server-side-tls/ssl-config-generator/), and use known TLS evaluation tools, such as sslyze, various vulnerability scanners or trusted TLS online assessment services to obtain a desired level of security. In general, we see non-compliance for this section being the use of outdated or insecure ciphers and algorithms, the lack of perfect forward secrecy, outdated or insecure SSL protocols, weak preferred ciphers, and so on.]\r\n* [Certificate pinning. For more information please review ](https://tools.ietf.org/html/rfc7469.)The rationale behind certificate pinning for production and backup keys is business continuity - see (https://noncombatant.org/2015/05/01/about-http-public-key-pinning/)\r\n* [OWASP Certificate Pinning Cheat Sheet](https://www.owasp.org/index.php/Pinning_Cheat_Sheet)\r\n* [OWASP Certificate and Public Key Pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning)\r\n* [Time of first use (TOFU) Pinning](https://developer.mozilla.org/en/docs/Web/Security/Public_Key_Pinning)\r\n* [Pre-loading HTTP Strict Transport Security](https://www.chromium.org/hsts)", - "enabled": true, - "created": "2021-06-29T17:57:07.587Z", - "updated": "2021-06-29T17:57:07.587Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 10, - "fields": { - "type": 1, - "name": "V13: Malicious Code Verification Requirements", - "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Malicious activity is handled securely and properly as to not affect the rest of the application.\r\n* Do not have time bombs or other time based attacks built into 
them\r\n* Do not phone home to malicious or unauthorized destinations\r\n* Applications do not have back doors, Easter eggs, salami attacks, or logic flaws that can be controlled by an attacker\r\n\r\nMalicious code is extremely rare, and is difficult to detect. Manual line by line code review can assist looking for logic bombs, but even the most experienced code reviewer will struggle to find malicious code even if they know it exists. This section is not possible to complete without access to source code, including as many third party libraries as possible.", - "references": "", - "enabled": true, - "created": "2021-06-29T18:11:08.320Z", - "updated": "2021-06-29T18:11:08.320Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 11, - "fields": { - "type": 1, - "name": "V15: Business Logic Verification Requirements", - "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* The business logic flow is sequential and in order\r\n* Business logic includes limits to detect and prevent automated attacks, such as continuous small funds transfers, or adding a million friends one at a time, and so on.\r\n* High value business logic flows have considered abuse cases and malicious actors, and have protections against spoofing, tampering, repudiation, information disclosure, and elevation of privilege attacks.", - "references": "* [OWASP Testing Guide 4.0: Business Logic Testing ](https://www.owasp.org/index.php/Testing_for_business_logic)\r\n* [OWASP Cheat Sheet](https://www.owasp.org/index.php/Business_Logic_Security_Cheat_Sheet)", - "enabled": true, - "created": "2021-06-29T18:13:46.162Z", - "updated": "2021-06-29T18:13:46.162Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 12, - "fields": { - "type": 1, - "name": "V16: File and Resources Verification Requirements", - "objective": "Ensure that a verified application satisfies the following high level requirements:\r\n\r\n* Untrusted file data should be 
handled accordingly and in a secure manner\r\n* Obtained from untrusted sources are stored outside the webroot and limited permissions.", - "references": "", - "enabled": true, - "created": "2021-06-29T18:23:02.384Z", - "updated": "2021-06-29T18:23:02.384Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 13, - "fields": { - "type": 1, - "name": "V18: API and Web Service Verification Requirements", - "objective": "Ensure that a verified application that uses RESTful or SOAP based web services has:\r\n\r\n* Adequate authentication, session management and authorization of all web services\r\n* Input validation of all parameters that transit from a lower to higher trust level\r\n* Basic interoperability of SOAP web services layer to promote API use", - "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)\r\n* [OWASP Cross-Site Request Forgery cheat sheet](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet)\r\n* [JSON Web Tokens (and Signing)](https://jwt.io/)", - "enabled": true, - "created": "2021-06-29T18:35:16.622Z", - "updated": "2021-06-29T18:35:16.622Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 14, - "fields": { - "type": 1, - "name": "V19: Configuration Verification Requirements", - "objective": "* Up to date libraries and platform(s).\r\n* A secure by default configuration.\r\n* Sufficient hardening that user initiated changes to default configuration do not unnecessarily expose or create security weaknesses or flaws to underlying systems.", - "references": "* [OWASP Testing Guide 4.0: Configuration and Deployment Management Testing](https://www.owasp.org/index.php/Testing_for_configuration_management)", - "enabled": true, - "created": "2021-06-29T18:35:55.518Z", - "updated": "2021-06-29T18:35:55.518Z" - } -}, -{ - "model": "dojo.benchmark_category", - "pk": 15, - "fields": { - "type": 1, - 
"name": "V20: Internet of Things Verification Requirements", - "objective": "Embedded/IoT devices should:\r\n\r\n* Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.\r\n* Sensitive data stored on the device should be done so in a secure manner.\r\n* All sensitive data transmitted from the device should utilize transport layer security.", - "references": "* [OWASP Internet of Things Top 10](https://www.owasp.org/files/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf)\r\n* [OWASP Internet of Things Project](https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project)\r\n* [Trudy TCP Proxy Tool](https://github.com/praetorian-inc/trudy)", - "enabled": true, - "created": "2021-06-29T18:36:37.446Z", - "updated": "2021-06-29T18:36:37.446Z" - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 1, - "fields": { - "category": 1, - "objective_number": "7.2", - "objective": "Verify that all cryptographic modules fail securely, and errors are handled in a way that does not enable Padding Oracle.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-22T12:37:28.273Z", - "updated": "2021-06-22T12:37:28.273Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 2, - "fields": { - "category": 1, - "objective_number": "7.6", - "objective": "Verify that all random numbers, random file names, random GUIDs, and random strings are generated using the cryptographic modules approved random number generator when these random values are intended to be not guessable by an attacker.\",", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-23T08:40:34.631Z", - "updated": "2021-06-23T08:40:34.631Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 3, - "fields": { - 
"category": 1, - "objective_number": "7.7", - "objective": "Verify that cryptographic algorithms used by the application have been validated against FIPS 140-2 or an equivalent standard.", - "references": "", - "level_1": true, - "level_2": false, - "level_3": false, - "enabled": true, - "created": "2021-06-23T12:55:37.713Z", - "updated": "2021-06-23T12:55:37.713Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 4, - "fields": { - "category": 2, - "objective_number": "2.1", - "objective": "Verify all pages and resources are protected by server-side authentication, except those specifically intended to be public.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-28T13:07:20.805Z", - "updated": "2021-06-28T13:07:20.805Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 5, - "fields": { - "category": 3, - "objective_number": "1.1", - "objective": "All app components are identified and known to be needed.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:51:05.383Z", - "updated": "2021-06-29T09:51:05.383Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 6, - "fields": { - "category": 3, - "objective_number": "1.2", - "objective": "Security controls are never enforced only on the client side, but on the respective remote endpoints.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:52:09.763Z", - "updated": "2021-06-29T09:52:09.763Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 7, - "fields": { - "category": 3, - "objective_number": "1.3", - "objective": "A high-level architecture for the application and all connected remote 
services has been defined and security has been addressed in that architecture.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:52:27.454Z", - "updated": "2021-06-29T09:52:27.454Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 8, - "fields": { - "category": 3, - "objective_number": "1.4", - "objective": "Data considered sensitive in the context of the application is clearly identified.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:52:59.300Z", - "updated": "2021-06-29T09:52:59.300Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 9, - "fields": { - "category": 3, - "objective_number": "1.5", - "objective": "All app components are defined in terms of the business functions and/or security functions they provide.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:53:42.466Z", - "updated": "2021-06-29T09:53:42.466Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 11, - "fields": { - "category": 3, - "objective_number": "1.6", - "objective": "A threat model for the application and the associated remote services has been produced that identifies potential threats and countermeasures.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:54:29.724Z", - "updated": "2021-06-29T09:54:29.724Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 12, - "fields": { - "category": 3, - "objective_number": "1.7", - "objective": "All security controls have a centralized implementation.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": 
true, - "enabled": true, - "created": "2021-06-29T09:54:45.671Z", - "updated": "2021-06-29T09:54:45.671Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 13, - "fields": { - "category": 3, - "objective_number": "1.8", - "objective": "Components are segregated from each other via a defined security control, such as network segmentation, firewall rules, or cloud based security group", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:55:21.677Z", - "updated": "2021-06-29T09:55:21.677Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 14, - "fields": { - "category": 3, - "objective_number": "1.9", - "objective": "A mechanism for enforcing updates of the application exists.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:55:36.823Z", - "updated": "2021-06-29T09:55:36.823Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 15, - "fields": { - "category": 3, - "objective_number": "1.10", - "objective": "Security is addressed within all parts of the software development lifecycle.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:56:13.684Z", - "updated": "2021-06-29T09:56:13.684Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 16, - "fields": { - "category": 3, - "objective_number": "1.11", - "objective": "All application components, libraries, modules, frameworks, platform, and operating systems are free from known vulnerabilities", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:56:43.648Z", - "updated": "2021-06-29T09:56:43.648Z", - "cwe_mapping": 
[], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 17, - "fields": { - "category": 3, - "objective_number": "1.12", - "objective": "There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T09:57:12.345Z", - "updated": "2021-06-29T09:57:12.345Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 18, - "fields": { - "category": 2, - "objective_number": "2.2", - "objective": "Verify that the application does not automatically fill in credentials either as hidden fields, URL arguments, Ajax requests, or in forms, as this implies plain text, reversible or de-cryptable password storage. Random time limited nonces are acceptable as stand ins, such as to protect change password forms or forgot password forms.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:47:59.343Z", - "updated": "2021-06-29T10:47:59.343Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 19, - "fields": { - "category": 2, - "objective_number": "2.6", - "objective": "Verify all authentication controls fail securely to ensure attackers cannot log in.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:48:16.224Z", - "updated": "2021-06-29T10:48:16.224Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 20, - "fields": { - "category": 2, - "objective_number": "2.7", - "objective": "Verify password entry fields allow, or encourage, the use of passphrases, and do not prevent long passphrases or highly complex 
passwords being entered.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:48:36.593Z", - "updated": "2021-06-29T10:48:36.593Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 21, - "fields": { - "category": 2, - "objective_number": "2.8", - "objective": "Verify all identity functions (e.g. forgot password, change password, change email, manage 2FA token, etc.) have the security controls, as the primary authentication mechanism (e.g. login form).", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:49:04.310Z", - "updated": "2021-06-29T10:49:04.310Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 22, - "fields": { - "category": 2, - "objective_number": "2.9", - "objective": "Verify that the changing password functionality includes the old password, the new password, and a password confirmation.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:49:21.570Z", - "updated": "2021-06-29T10:49:21.570Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 23, - "fields": { - "category": 2, - "objective_number": "2.12", - "objective": "Verify that all authentication decisions can be logged, without storing sensitive session identifiers or passwords. 
This should include requests with relevant metadata needed for security investigations.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:49:49.215Z", - "updated": "2021-06-29T10:49:49.215Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 24, - "fields": { - "category": 2, - "objective_number": "2.13", - "objective": "Verify that account passwords are one way hashed with a salt, and there is sufficient work factor to defeat brute force and password hash recovery attacks.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:50:07.859Z", - "updated": "2021-06-29T10:50:07.859Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 25, - "fields": { - "category": 2, - "objective_number": "2.16", - "objective": "Verify that all application data is transmitted over an encrypted channel (e.g. TLS).", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:50:34.637Z", - "updated": "2021-06-29T10:50:34.637Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 26, - "fields": { - "category": 2, - "objective_number": "2.17", - "objective": "Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. 
A one time password reset link should be used instead.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:50:53.445Z", - "updated": "2021-06-29T10:50:53.445Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 27, - "fields": { - "category": 2, - "objective_number": "2.18", - "objective": "Verify that information enumeration is not possible via login, password reset, or forgot account functionality.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:51:09.766Z", - "updated": "2021-06-29T10:51:09.766Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 28, - "fields": { - "category": 2, - "objective_number": "2.19", - "objective": "Verify there are no default passwords in use for the application framework or any components used by the application (such as admin/password).", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:51:28.174Z", - "updated": "2021-06-29T10:51:28.174Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 29, - "fields": { - "category": 2, - "objective_number": "2.20", - "objective": "Verify that anti-automation is in place to prevent breached credential testing, brute forcing, and account lockout attacks.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:51:47.647Z", - "updated": "2021-06-29T10:51:47.647Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 30, - "fields": { - "category": 2, - "objective_number": "2.21", - "objective": "Verify that all authentication credentials for accessing services external to the application are encrypted 
and stored in a protected location.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:54:32.530Z", - "updated": "2021-06-29T10:54:32.530Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 31, - "fields": { - "category": 2, - "objective_number": "2.22", - "objective": "Verify that forgotten password and other recovery paths use a TOTP or other soft token, mobile push, or other offline recovery mechanism. The use of SMS has been deprecated by NIST and should not be used.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:54:50.186Z", - "updated": "2021-06-29T10:54:50.186Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 32, - "fields": { - "category": 2, - "objective_number": "2.23", - "objective": "Verify that account lockout is divided into soft and hard lock status, and these are not mutually exclusive. 
If an account is temporarily soft locked out due to a brute force attack, this should not reset the hard lock status.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:55:08.158Z", - "updated": "2021-06-29T10:55:08.158Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 33, - "fields": { - "category": 2, - "objective_number": "2.24", - "objective": "Verify that if secret questions are required, the questions do not violate privacy laws and are sufficiently strong to protect accounts from malicious recovery.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:55:28.074Z", - "updated": "2021-06-29T10:55:28.074Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 34, - "fields": { - "category": 2, - "objective_number": "2.25", - "objective": "Verify that high value applications can be configured to disallow the use of a configurable number of previous passwords.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:55:48.990Z", - "updated": "2021-06-29T10:55:48.990Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 35, - "fields": { - "category": 2, - "objective_number": "2.26", - "objective": "Verify that sensitive operations (e.g. change password, change email address, add new biller, etc.) require re-authentication (e.g. password or 2FA token). 
This is in addition to CSRF measures, not instead.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:56:04.324Z", - "updated": "2021-06-29T10:56:04.324Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 36, - "fields": { - "category": 2, - "objective_number": "2.27", - "objective": "Verify that measures are in place to block the use of commonly chosen passwords and weak pass-phrases.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:56:22.701Z", - "updated": "2021-06-29T10:56:22.701Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 37, - "fields": { - "category": 2, - "objective_number": "2.28", - "objective": "Verify that all authentication challenges, whether successful or failed, should respond in the same average response time.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:56:44.117Z", - "updated": "2021-06-29T10:56:44.117Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 38, - "fields": { - "category": 2, - "objective_number": "2.29", - "objective": "Verify that secrets, API keys, and passwords are not included in the source code, or online source code repositories.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:57:00.884Z", - "updated": "2021-06-29T10:57:00.884Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 39, - "fields": { - "category": 2, - "objective_number": "2.31", - "objective": "Verify that users can enrol and use TOTP verification, two-factor, biometric (Touch ID or similar), or equivalent multi-factor authentication 
mechanism that provides protection against single factor credential disclosure.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:57:20.100Z", - "updated": "2021-06-29T10:57:20.100Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 40, - "fields": { - "category": 2, - "objective_number": "2.32", - "objective": "Verify that access to administrative interfaces are strictly controlled and not accessible to untrusted parties.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:57:37.083Z", - "updated": "2021-06-29T10:57:37.083Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 41, - "fields": { - "category": 2, - "objective_number": "3.1", - "objective": "Verify that the application is compatible with browser based and third party password managers, unless prohibited by risk based policy.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T10:57:54.657Z", - "updated": "2021-06-29T10:57:54.657Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 42, - "fields": { - "category": 4, - "objective_number": "3.2", - "objective": "Verify that sessions are invalidated when the user logs out.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:03:24.654Z", - "updated": "2021-06-29T11:03:24.654Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 43, - "fields": { - "category": 4, - "objective_number": "3.3", - "objective": "Verify that sessions timeout after a specified period of inactivity.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - 
"enabled": true, - "created": "2021-06-29T11:03:42.209Z", - "updated": "2021-06-29T11:03:42.209Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 44, - "fields": { - "category": 4, - "objective_number": "3.4", - "objective": "Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout).", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:04:05.047Z", - "updated": "2021-06-29T11:04:05.047Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 45, - "fields": { - "category": 4, - "objective_number": "3.5", - "objective": "Verify that all pages that require authentication have easy and visible access to logout functionality.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:04:26.223Z", - "updated": "2021-06-29T11:04:26.223Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 46, - "fields": { - "category": 4, - "objective_number": "3.6", - "objective": "Test that the session ID is never disclosed in URLs, error messages, or logs. 
This includes verifying that the application does not support URL rewriting of session cookies.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:04:46.281Z", - "updated": "2021-06-29T11:04:46.281Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 47, - "fields": { - "category": 4, - "objective_number": "3.7", - "objective": "Verify that all successful authentication and re-authentication generates a new session and session id.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:05:07.271Z", - "updated": "2021-06-29T11:05:07.271Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 48, - "fields": { - "category": 4, - "objective_number": "3.10", - "objective": "Verify that only session ids generated by the application framework are recognised as active by the application.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:05:28.910Z", - "updated": "2021-06-29T11:05:28.910Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 49, - "fields": { - "category": 4, - "objective_number": "3.11", - "objective": "Test session IDs against criteria such as their randomness, uniqueness, resistance to statistical and cryptographic analysis and information leakage.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:05:44.227Z", - "updated": "2021-06-29T11:05:44.227Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 50, - "fields": { - "category": 4, - "objective_number": "3.12", - "objective": "Verify that session IDs stored in cookies are scoped using the 'path' 
attribute; and have the 'HttpOnly' and 'Secure' cookie flags enabled.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:06:03.581Z", - "updated": "2021-06-29T11:06:03.581Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 51, - "fields": { - "category": 4, - "objective_number": "3.17", - "objective": "Verify that the application tracks all active sessions. And allows users to terminate sessions selectively or globally from their account.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:06:26.772Z", - "updated": "2021-06-29T11:06:26.772Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 52, - "fields": { - "category": 4, - "objective_number": "3.18", - "objective": "Verify for high value applications that the user is prompted with the option to terminate all other active sessions after a successful change password process.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:06:53.011Z", - "updated": "2021-06-29T11:06:53.011Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 53, - "fields": { - "category": 5, - "objective_number": "4.1", - "objective": "Verify that the principle of least privilege exists - users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. 
This implies protection against spoofing and elevation of privilege.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:09:31.529Z", - "updated": "2021-06-29T11:09:31.529Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 54, - "fields": { - "category": 5, - "objective_number": "4.4", - "objective": "Verify that access to sensitive records is protected, such that only authorized objects or data is accessible to each user (for example, protect against users tampering with a parameter to see or alter another user's account).", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:09:48.249Z", - "updated": "2021-06-29T11:09:48.249Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 55, - "fields": { - "category": 5, - "objective_number": "4.5", - "objective": "Verify that directory browsing is disabled unless deliberately desired. 
Additionally, applications should not allow discovery or disclosure of file or directory metadata, such as Thumbs.db, .DS_Store, .git or .svn folders.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:10:05.314Z", - "updated": "2021-06-29T11:10:05.314Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 56, - "fields": { - "category": 5, - "objective_number": "4.8", - "objective": "Verify that access controls fail securely.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:10:23.333Z", - "updated": "2021-06-29T11:10:23.333Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 57, - "fields": { - "category": 5, - "objective_number": "4.9", - "objective": "Verify that the same access control rules implied by the presentation layer are enforced on the server side.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:10:44.662Z", - "updated": "2021-06-29T11:10:44.662Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 58, - "fields": { - "category": 5, - "objective_number": "4.10", - "objective": "Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:11:09.221Z", - "updated": "2021-06-29T11:11:09.221Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 59, - "fields": { - "category": 5, - "objective_number": "4.11", - "objective": "Verify that there is a centralized mechanism (including libraries that call external 
authorization services) for protecting access to each type of protected resource.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:11:27.195Z", - "updated": "2021-06-29T11:11:27.195Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 60, - "fields": { - "category": 5, - "objective_number": "4.12", - "objective": "Verify that all access control decisions can be logged and all failed decisions are logged.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:11:42.332Z", - "updated": "2021-06-29T11:11:42.332Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 61, - "fields": { - "category": 5, - "objective_number": "4.13", - "objective": "Verify that the application or framework uses strong random anti-CSRF tokens or has another transaction protection mechanism.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:12:15.969Z", - "updated": "2021-06-29T11:12:15.969Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 62, - "fields": { - "category": 5, - "objective_number": "4.4", - "objective": "Verify the system can protect against aggregate or continuous access of secured functions, resources, or data. 
For example, consider the use of a resource governor to limit the number of edits per hour or to prevent the entire database from being scraped by an individual user.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:12:31.357Z", - "updated": "2021-06-29T11:12:31.357Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 63, - "fields": { - "category": 5, - "objective_number": "4.15", - "objective": "Verify the application has additional authorization (such as step up or adaptive authentication) for lower value systems, and / or segregation of duties for high value applications to enforce anti-fraud controls as per the risk of application and past fraud.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:12:55.170Z", - "updated": "2021-06-29T11:12:55.170Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 64, - "fields": { - "category": 5, - "objective_number": "4.16", - "objective": "Verify that the application correctly enforces context-sensitive authorisation so as to not allow unauthorised manipulation by means of parameter tampering.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:13:13.009Z", - "updated": "2021-06-29T11:13:13.009Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 65, - "fields": { - "category": 6, - "objective_number": "5.3", - "objective": "Verify that server side input validation failures result in request rejection and are logged.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:19:50.413Z", - "updated": "2021-06-29T11:19:50.413Z", - "cwe_mapping": [], - "testing_guide": [] - } 
-}, -{ - "model": "dojo.benchmark_requirement", - "pk": 66, - "fields": { - "category": 6, - "objective_number": "5.5", - "objective": "Verify that input validation routines are enforced on the server side.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:20:14.088Z", - "updated": "2021-06-29T11:20:14.088Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 67, - "fields": { - "category": 6, - "objective_number": "5.6", - "objective": "Verify that a centralized input validation control mechanism is used by the application.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:20:34.745Z", - "updated": "2021-06-29T11:20:34.745Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 68, - "fields": { - "category": 6, - "objective_number": "5.10", - "objective": "Verify that all database queries are protected by the use of parameterized queries or proper ORM usage to avoid SQL injection.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:20:50.454Z", - "updated": "2021-06-29T11:20:50.454Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 69, - "fields": { - "category": 6, - "objective_number": "5.11", - "objective": "Verify that the application is not susceptible to LDAP Injection, or that security controls prevent LDAP Injection.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:21:06.964Z", - "updated": "2021-06-29T11:21:06.964Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 70, - "fields": { - "category": 6, - "objective_number": "5.12", - "objective": 
"Verify that the application is not susceptible to OS Command Injection, or that security controls prevent OS Command Injection.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:21:23.126Z", - "updated": "2021-06-29T11:21:23.126Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 71, - "fields": { - "category": 6, - "objective_number": "5.13", - "objective": "Verify that the application is not susceptible to Remote File Inclusion (RFI) or Local File Inclusion (LFI) when content is used that is a path to a file.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:21:40.437Z", - "updated": "2021-06-29T11:21:40.437Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 72, - "fields": { - "category": 6, - "objective_number": "5.14", - "objective": "Verify that the application is not susceptible XPath injection or XML injection attacks.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:21:55.675Z", - "updated": "2021-06-29T11:21:55.675Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 73, - "fields": { - "category": 6, - "objective_number": "5.15", - "objective": "Verify that all string variables placed into HTML or other web client code are either properly contextually encoded manually, or utilize templates that automatically contextually encode to ensure the application is not susceptible to reflected, stored or DOM Cross-Site Scripting (XSS) attacks.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:22:11.541Z", - "updated": "2021-06-29T11:22:11.541Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - 
"model": "dojo.benchmark_requirement", - "pk": 74, - "fields": { - "category": 6, - "objective_number": "5.16", - "objective": "Verify that the application does not contain mass parameter assignment (AKA automatic variable binding) vulnerabilities.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:22:30.790Z", - "updated": "2021-06-29T11:22:30.790Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 75, - "fields": { - "category": 6, - "objective_number": "5.17", - "objective": "Verify that the application has defenses against HTTP parameter pollution attacks, particularly if the application framework makes no distinction about the source of request parameters (GET, POST, cookies, headers, environment, etc.)", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:22:49.904Z", - "updated": "2021-06-29T11:22:49.904Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 76, - "fields": { - "category": 6, - "objective_number": "5.19", - "objective": "Verify that all input data is validated, not only HTML form fields but all sources of input such as REST calls, query parameters, HTTP headers, cookies, batch files, RSS feeds, etc; using positive validation (whitelisting), then lesser forms of validation such as grey listing (eliminating known bad strings), or rejecting bad inputs (blacklisting).", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:23:08.013Z", - "updated": "2021-06-29T11:23:08.013Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 77, - "fields": { - "category": 6, - "objective_number": "5.20", - "objective": "Verify that structured data is strongly typed and validated against a 
defined schema including allowed characters, length and pattern (e.g. credit card numbers or telephone, or validating that two related fields are reasonable, such as validating suburbs and zip or post codes match).", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:26:04.647Z", - "updated": "2021-06-29T11:26:04.647Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 78, - "fields": { - "category": 6, - "objective_number": "5.21", - "objective": "Verify that unstructured data is sanitized to enforce generic safety measures such as allowed characters and length, and characters potentially harmful in given context should be escaped (e.g. natural names with Unicode or apostrophes, such as O'Hara)", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:26:44.642Z", - "updated": "2021-06-29T11:26:44.642Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 79, - "fields": { - "category": 6, - "objective_number": "5.22", - "objective": "Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized with an HTML sanitizer library or framework feature.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:27:09.785Z", - "updated": "2021-06-29T11:27:09.785Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 80, - "fields": { - "category": 6, - "objective_number": "5.24", - "objective": "Verify that where data is transferred from one DOM context to another, the transfer uses safe JavaScript methods, such as using innerText or .val to ensure the application is not susceptible to DOM Cross-Site Scripting (XSS) attacks.", - "references": "", - "level_1": false, - "level_2": true, 
- "level_3": true, - "enabled": true, - "created": "2021-06-29T11:27:28.549Z", - "updated": "2021-06-29T11:27:28.549Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 81, - "fields": { - "category": 6, - "objective_number": "5.25", - "objective": "Verify when parsing JSON in browsers or JavaScript based backends, that JSON.parse is used to parse the JSON document. Do not use eval() to parse JSON.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:27:44.629Z", - "updated": "2021-06-29T11:27:44.629Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 82, - "fields": { - "category": 6, - "objective_number": "5.27", - "objective": "Verify the application for Server Side Request Forgery vulnerabilities.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:28:10.149Z", - "updated": "2021-06-29T11:28:10.149Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 83, - "fields": { - "category": 6, - "objective_number": "5.28", - "objective": "Verify that the application correctly restricts XML parsers to only use the most restrictive configuration possible and to ensure that dangerous features such as resolving external entities are disabled.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:28:30.927Z", - "updated": "2021-06-29T11:28:30.927Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 84, - "fields": { - "category": 6, - "objective_number": "5.29", - "objective": "Verify that deserialization of untrusted data is avoided or is extensively protected when deserialization cannot be avoided.", - "references": "", - "level_1": true, - 
"level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:28:49.023Z", - "updated": "2021-06-29T11:28:49.023Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 85, - "fields": { - "category": 1, - "objective_number": "7.8", - "objective": "Verify that cryptographic modules operate in their approved mode according to their published security policies.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:30:40.745Z", - "updated": "2021-06-29T11:30:40.745Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 86, - "fields": { - "category": 1, - "objective_number": "7.9", - "objective": "Verify that there is an explicit policy for how cryptographic keys are managed (e.g., generated, distributed, revoked, and expired). Verify that this key lifecycle is properly enforced.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:31:34.511Z", - "updated": "2021-06-29T11:31:34.511Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 87, - "fields": { - "category": 1, - "objective_number": "7.11", - "objective": "Verify that all consumers of cryptographic services do not have direct access to key material. 
Isolate cryptographic processes, including master secrets and consider the use of a virtualized or physical hardware key vault (HSM).", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:31:55.623Z", - "updated": "2021-06-29T11:31:55.623Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 88, - "fields": { - "category": 1, - "objective_number": "7.12", - "objective": "Verify that Personally Identifiable Information (PII) and other sensitive data is stored encrypted while at rest.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:32:13.340Z", - "updated": "2021-06-29T11:32:13.340Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 89, - "fields": { - "category": 1, - "objective_number": "7.13", - "objective": "Verify that sensitive passwords or key material maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:32:44.415Z", - "updated": "2021-06-29T11:32:44.415Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 90, - "fields": { - "category": 1, - "objective_number": "7.14", - "objective": "Verify that all keys and passwords are replaceable, and are generated or replaced at installation time.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:33:57.883Z", - "updated": "2021-06-29T11:33:57.883Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 91, - "fields": { - "category": 1, - "objective_number": "7.15", - "objective": "Verify that random 
numbers are created with proper entropy even when the application is under heavy load, or that the application degrades gracefully in such circumstances.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:34:17.766Z", - "updated": "2021-06-29T11:34:17.766Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 92, - "fields": { - "category": 7, - "objective_number": "8.1", - "objective": "Verify that the application does not output error messages or stack traces containing sensitive data that could assist an attacker, including session id, software/framework versions and personal information.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:36:36.883Z", - "updated": "2021-06-29T11:36:36.883Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 93, - "fields": { - "category": 7, - "objective_number": "8.2", - "objective": "Verify that error handling logic in security controls denies access by default.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:36:58.013Z", - "updated": "2021-06-29T11:36:58.013Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 94, - "fields": { - "category": 7, - "objective_number": "8.3", - "objective": "Verify security logging controls provide the ability to log success and particularly failure events that are identified as security-relevant.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:44:27.487Z", - "updated": "2021-06-29T11:44:27.487Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 95, - "fields": { - "category": 7, - 
"objective_number": "8.4", - "objective": "Verify that each log event includes necessary information that would allow for a detailed investigation of the timeline when an event happens.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:44:46.451Z", - "updated": "2021-06-29T11:44:46.451Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 96, - "fields": { - "category": 7, - "objective_number": "8.5", - "objective": "Verify that all events that include untrusted data will not execute as code in the intended log viewing software.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:45:02.199Z", - "updated": "2021-06-29T11:45:02.199Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 97, - "fields": { - "category": 7, - "objective_number": "8.6", - "objective": "Verify that security logs are protected from unauthorized access and modification.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:45:22.653Z", - "updated": "2021-06-29T11:45:22.653Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 98, - "fields": { - "category": 7, - "objective_number": "8.7", - "objective": "Verify that the application does not log sensitive data as defined under local privacy laws or regulations, organizational sensitive data as defined by a risk assessment, or sensitive authentication data that could assist an attacker, including user's session identifiers, passwords, hashes, or API tokens.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:45:49.298Z", - "updated": "2021-06-29T11:45:49.298Z", - "cwe_mapping": [], - 
"testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 99, - "fields": { - "category": 7, - "objective_number": "8.8", - "objective": "Verify that all non-printable symbols and field separators are properly encoded in log entries, to prevent log injection.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:46:04.125Z", - "updated": "2021-06-29T11:46:04.125Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 100, - "fields": { - "category": 7, - "objective_number": "8.9", - "objective": "Verify that log fields from trusted and untrusted sources are distinguishable in log entries.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:46:26.650Z", - "updated": "2021-06-29T11:46:26.650Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 101, - "fields": { - "category": 7, - "objective_number": "8.10", - "objective": "Verify that an audit log or similar allows for non-repudiation of key transactions.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:46:45.582Z", - "updated": "2021-06-29T11:46:45.582Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 102, - "fields": { - "category": 7, - "objective_number": "8.11", - "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:47:02.190Z", - "updated": "2021-06-29T11:47:02.190Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 103, - "fields": { - "category": 7, - 
"objective_number": "8.12", - "objective": "Verify that security logs have some form of integrity checking or controls to prevent unauthorized modification.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:47:46.283Z", - "updated": "2021-06-29T11:47:46.283Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 104, - "fields": { - "category": 7, - "objective_number": "8.13", - "objective": "Verify that time sources are synchronized to the correct time and time zone.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T11:48:05.620Z", - "updated": "2021-06-29T11:48:05.620Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 105, - "fields": { - "category": 8, - "objective_number": "9.1", - "objective": "Verify that all forms containing sensitive information have disabled client side caching, including autocomplete features.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:25:19.688Z", - "updated": "2021-06-29T12:25:19.688Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 106, - "fields": { - "category": 8, - "objective_number": "9.2", - "objective": "Verify that the list of sensitive data processed by the application is identified, and that there is an explicit policy for how access to this data must be controlled, encrypted and enforced under relevant data protection directives.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:25:40.315Z", - "updated": "2021-06-29T12:25:40.315Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 107, - "fields": { - 
"category": 8, - "objective_number": "9.3", - "objective": "Verify that all sensitive data is sent to the server in the HTTP message body or headers (i.e., URL parameters are never used to send sensitive data).", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:25:56.919Z", - "updated": "2021-06-29T12:25:56.919Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 108, - "fields": { - "category": 8, - "objective_number": "9.4", - "objective": "Verify that the application sets sufficient anti-caching headers such that any sensitive and personal information displayed by the application or entered by the user should not be cached on disk by mainstream modern browsers (e.g. visit about:cache to review disk cache).", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:26:14.205Z", - "updated": "2021-06-29T12:26:14.205Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 109, - "fields": { - "category": 8, - "objective_number": "9.5", - "objective": "Verify that on the server, all cached or temporary copies of sensitive data stored are protected from unauthorized access or purged/invalidated after the authorized user accesses the sensitive data.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:26:30.429Z", - "updated": "2021-06-29T12:26:30.429Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 110, - "fields": { - "category": 8, - "objective_number": "9.6", - "objective": "Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - 
"enabled": true, - "created": "2021-06-29T12:26:45.509Z", - "updated": "2021-06-29T12:26:45.509Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 111, - "fields": { - "category": 8, - "objective_number": "9.7", - "objective": "Verify the application minimizes the number of parameters in a request, such as hidden fields, Ajax variables, cookies and header values.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:27:04.786Z", - "updated": "2021-06-29T12:27:04.786Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 112, - "fields": { - "category": 8, - "objective_number": "9.8", - "objective": "Verify the application has the ability to detect and alert on abnormal numbers of requests for data harvesting for an example screen scraping.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:27:20.007Z", - "updated": "2021-06-29T12:27:20.007Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 113, - "fields": { - "category": 8, - "objective_number": "9.9", - "objective": "Verify that data stored in client side storage (such as HTML5 local storage, session storage, IndexedDB, regular cookies or Flash cookies) does not contain sensitive data or PII.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:27:37.137Z", - "updated": "2021-06-29T12:27:37.137Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 114, - "fields": { - "category": 8, - "objective_number": "9.10", - "objective": "Verify accessing sensitive data is logged, if the data is collected under relevant data protection directives or where logging of accesses is required.", - 
"references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:28:01.849Z", - "updated": "2021-06-29T12:28:01.849Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 115, - "fields": { - "category": 8, - "objective_number": "9.11", - "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:28:19.464Z", - "updated": "2021-06-29T12:28:19.464Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 116, - "fields": { - "category": 8, - "objective_number": "9.14", - "objective": "Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T12:28:36.368Z", - "updated": "2021-06-29T12:28:36.368Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 117, - "fields": { - "category": 9, - "objective_number": "10.1", - "objective": "Verify that a path can be built from a trusted CA to each Transport Layer Security (TLS) server certificate, and that each server certificate is valid.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T17:57:51.724Z", - "updated": "2021-06-29T17:57:51.724Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 118, - "fields": { - "category": 9, - "objective_number": "10.2", - "objective": "Verify that TLS is used for all connections (including both external and backend connections) that are 
authenticated or that involve sensitive data or functions, and does not fall back to insecure or unencrypted protocols. Ensure the strongest alternative is the preferred algorithm.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T17:58:08.701Z", - "updated": "2021-06-29T17:58:08.701Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 119, - "fields": { - "category": 9, - "objective_number": "10.3", - "objective": "Verify that backend TLS connection failures are logged.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T17:58:43.008Z", - "updated": "2021-06-29T17:58:43.008Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 120, - "fields": { - "category": 9, - "objective_number": "10.4", - "objective": "Verify that certificate paths are built and verified for all client certificates using configured trust anchors and revocation information.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T17:59:00.835Z", - "updated": "2021-06-29T17:59:00.835Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 121, - "fields": { - "category": 9, - "objective_number": "10.5", - "objective": "Verify that all connections to external systems that involve sensitive information or functions are authenticated.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T17:59:17.563Z", - "updated": "2021-06-29T17:59:17.563Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 122, - "fields": { - "category": 9, - "objective_number": "10.6", - "objective": "Verify that there is a single standard TLS 
implementation that is used by the application that is configured to operate in an approved mode of operation.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T17:59:33.860Z", - "updated": "2021-06-29T17:59:33.860Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 123, - "fields": { - "category": 9, - "objective_number": "10.7", - "objective": "Verify that TLS certificate public key pinning (HPKP) is implemented with production and backup public keys. For more information, please see the references below.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T17:59:57.308Z", - "updated": "2021-06-29T17:59:57.308Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 124, - "fields": { - "category": 9, - "objective_number": "10.8", - "objective": "Verify that HTTP Strict Transport Security headers are included on all requests and for all subdomains, such as Strict-Transport-Security: max-age=15724800; includeSubdomains", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:00:23.218Z", - "updated": "2021-06-29T18:00:23.218Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 125, - "fields": { - "category": 9, - "objective_number": "10.9", - "objective": "Verify that production website URL has been submitted to preloaded list of Strict Transport Security domains maintained by web browser vendors. 
Please see the references below.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:00:46.523Z", - "updated": "2021-06-29T18:00:46.523Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 126, - "fields": { - "category": 9, - "objective_number": "10.11", - "objective": "Verify that perfect forward secrecy is configured to mitigate passive attackers recording traffic.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:01:11.667Z", - "updated": "2021-06-29T18:01:11.667Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 127, - "fields": { - "category": 9, - "objective_number": "10.11", - "objective": "Verify that proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:01:31.481Z", - "updated": "2021-06-29T18:01:31.481Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 128, - "fields": { - "category": 9, - "objective_number": "10.13", - "objective": "Verify that only strong algorithms, ciphers, and protocols are used, through all the certificate hierarchy, including root and intermediary certificates of your selected certifying authority.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:01:46.036Z", - "updated": "2021-06-29T18:01:46.036Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 129, - "fields": { - "category": 9, - "objective_number": "10.14", - "objective": "Verify that the TLS settings are in line with current leading practice, 
particularly as common configurations, ciphers, and algorithms become insecure.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:02:06.170Z", - "updated": "2021-06-29T18:02:06.170Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 130, - "fields": { - "category": 10, - "objective_number": "13.1", - "objective": "Verify all malicious activity is adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:11:51.230Z", - "updated": "2021-06-29T18:11:51.230Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 131, - "fields": { - "category": 10, - "objective_number": "13.2", - "objective": "Verify that the application source code, and as many third party libraries as possible, does not contain back doors, Easter eggs, and logic flaws in authentication, access control, input validation, and the business logic of high value transactions.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:12:07.933Z", - "updated": "2021-06-29T18:12:07.933Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 132, - "fields": { - "category": 11, - "objective_number": "15.1", - "objective": "Verify the application will only process business logic flows in sequential step order, with all steps being processed in realistic human time, and not process out of order, skipped steps, process steps from another user, or too quickly submitted transactions.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:14:19.422Z", - "updated": 
"2021-06-29T18:14:19.422Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 133, - "fields": { - "category": 11, - "objective_number": "15.2", - "objective": "Verify the application has business limits and correctly enforces on a per user basis, with configurable alerting and automated reactions to automated or unusual attack.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:14:36.697Z", - "updated": "2021-06-29T18:14:36.697Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 134, - "fields": { - "category": 12, - "objective_number": "16.1", - "objective": "Verify that URL redirects and forwards only allow whitelisted destinations, or show a warning when redirecting to potentially untrusted content.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:26:27.533Z", - "updated": "2021-06-29T18:26:27.533Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 135, - "fields": { - "category": 12, - "objective_number": "16.2", - "objective": "Verify that untrusted file data submitted to the application is not used directly with file I/O commands, particularly to protect against path traversal, local file include, file mime type, reflective file download, and OS command injection vulnerabilities.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:26:43.732Z", - "updated": "2021-06-29T18:26:43.732Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 136, - "fields": { - "category": 12, - "objective_number": "16.3", - "objective": "Verify that files obtained from untrusted sources are validated to be of expected type and scanned by antivirus 
scanners to prevent upload of known malicious content.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:27:09.137Z", - "updated": "2021-06-29T18:27:09.137Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 137, - "fields": { - "category": 12, - "objective_number": "16.4", - "objective": "Verify that untrusted data is not used within inclusion, class loader, or reflection capabilities to prevent remote/local code execution vulnerabilities.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:29:28.123Z", - "updated": "2021-06-29T18:29:28.123Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 138, - "fields": { - "category": 12, - "objective_number": "16.5", - "objective": "Verify that untrusted data is not used within cross-domain resource sharing (CORS) to protect against arbitrary remote content.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:29:48.225Z", - "updated": "2021-06-29T18:29:48.225Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 139, - "fields": { - "category": 12, - "objective_number": "16.6", - "objective": "Verify that files obtained from untrusted sources are stored outside the webroot, with limited permissions, preferably with strong validation.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:30:05.507Z", - "updated": "2021-06-29T18:30:05.507Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 140, - "fields": { - "category": 12, - "objective_number": "16.7", - "objective": "Verify that the web or application server is 
configured by default to deny access to remote resources or systems outside the web or application server.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:30:24.537Z", - "updated": "2021-06-29T18:30:24.537Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 141, - "fields": { - "category": 12, - "objective_number": "16.8", - "objective": "Verify the application code does not execute uploaded data obtained from untrusted sources.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:30:41.998Z", - "updated": "2021-06-29T18:30:41.998Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 142, - "fields": { - "category": 12, - "objective_number": "16.9", - "objective": "Verify that unsupported, insecure or deprecated client-side technologies are not used, such as NSAPI plugins, Flash, Shockwave, Active-X, Silverlight, NACL, or client-side Java applets.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:30:57.916Z", - "updated": "2021-06-29T18:30:57.916Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 143, - "fields": { - "category": 12, - "objective_number": "16.10", - "objective": "Verify that the cross-domain resource sharing (CORS) Access-Control-Allow-Origin header does not simply reflect the request's origin header or support the \"null\" origin.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-29T18:31:14.337Z", - "updated": "2021-06-29T18:31:14.337Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 144, - "fields": { - "category": 15, - "objective_number": 
"20.1", - "objective": "Verify that application layer debugging interfaces such USB or serial are disabled.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:30:00.289Z", - "updated": "2021-06-30T03:30:00.289Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 145, - "fields": { - "category": 15, - "objective_number": "20.2", - "objective": "Verify that cryptographic keys are unique to each individual device.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:30:19.974Z", - "updated": "2021-06-30T03:30:19.974Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 146, - "fields": { - "category": 15, - "objective_number": "20.3", - "objective": "Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:30:34.796Z", - "updated": "2021-06-30T03:30:34.796Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 147, - "fields": { - "category": 15, - "objective_number": "20.4", - "objective": "Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:30:55.266Z", - "updated": "2021-06-30T03:30:55.266Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 148, - "fields": { - "category": 15, - "objective_number": "20.5", - "objective": "Verify that physical debug headers are not present on the device.", - 
"references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:31:42.393Z", - "updated": "2021-06-30T03:31:42.393Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 149, - "fields": { - "category": 15, - "objective_number": "20.6", - "objective": "Verify that sensitive data is not stored unencrypted on the device.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:32:01.534Z", - "updated": "2021-06-30T03:32:01.534Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 150, - "fields": { - "category": 15, - "objective_number": "20.7", - "objective": "Verify that the device prevents leaking of sensitive information.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:32:22.208Z", - "updated": "2021-06-30T03:32:22.208Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 151, - "fields": { - "category": 15, - "objective_number": "20.8", - "objective": "Verify that the firmware apps protect data-in-transit using transport security.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:32:56.382Z", - "updated": "2021-06-30T03:32:56.382Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 152, - "fields": { - "category": 15, - "objective_number": "20.9", - "objective": "Verify that the firmware apps validate the digital signature of server connections.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:33:18.948Z", - "updated": "2021-06-30T03:33:18.948Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - 
"model": "dojo.benchmark_requirement", - "pk": 153, - "fields": { - "category": 15, - "objective_number": "20.10", - "objective": "Verify that wireless communications are mutually authenticated.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:33:40.069Z", - "updated": "2021-06-30T03:33:40.069Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 154, - "fields": { - "category": 15, - "objective_number": "20.11", - "objective": "Verify that wireless communications are sent over an encrypted channel.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:34:00.224Z", - "updated": "2021-06-30T03:34:00.224Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 155, - "fields": { - "category": 15, - "objective_number": "20.12", - "objective": "Verify that the firmware apps pin the digital signature to a trusted server(s).", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:34:16.802Z", - "updated": "2021-06-30T03:34:16.802Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 156, - "fields": { - "category": 15, - "objective_number": "20.13", - "objective": "Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:34:36.393Z", - "updated": "2021-06-30T03:34:36.393Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 157, - "fields": { - "category": 15, - "objective_number": "20.14", - "objective": "Verify that identifying markings on chips have been removed.", - "references": 
"", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:35:08.498Z", - "updated": "2021-06-30T03:35:08.498Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 158, - "fields": { - "category": 15, - "objective_number": "20.15", - "objective": "Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:35:24.271Z", - "updated": "2021-06-30T03:35:24.271Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 159, - "fields": { - "category": 15, - "objective_number": "20.16", - "objective": "Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings).", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:35:45.152Z", - "updated": "2021-06-30T03:35:45.152Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 160, - "fields": { - "category": 15, - "objective_number": "20.17", - "objective": "Verify the device validates the boot image signature before loading.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:36:02.979Z", - "updated": "2021-06-30T03:36:02.979Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 161, - "fields": { - "category": 15, - "objective_number": "20.18", - "objective": "Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": 
"2021-06-30T03:36:19.093Z", - "updated": "2021-06-30T03:36:19.093Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 162, - "fields": { - "category": 15, - "objective_number": "20.19", - "objective": "Verify the device uses code signing and validates firmware upgrade files before installing.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:36:34.926Z", - "updated": "2021-06-30T03:36:34.926Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 163, - "fields": { - "category": 15, - "objective_number": "20.20", - "objective": "Verify that the device cannot be downgraded to old versions of valid firmware.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:36:52.972Z", - "updated": "2021-06-30T03:36:52.972Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 164, - "fields": { - "category": 15, - "objective_number": "20.21", - "objective": "Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators).", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:37:09.554Z", - "updated": "2021-06-30T03:37:09.554Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 165, - "fields": { - "category": 15, - "objective_number": "20.22", - "objective": "Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:37:31.703Z", - "updated": "2021-06-30T03:37:31.703Z", - "cwe_mapping": [], - 
"testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 166, - "fields": { - "category": 15, - "objective_number": "20.23", - "objective": "Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:37:43.128Z", - "updated": "2021-06-30T03:37:43.128Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 167, - "fields": { - "category": 15, - "objective_number": "20.24", - "objective": "Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:37:57.432Z", - "updated": "2021-06-30T03:37:57.432Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 168, - "fields": { - "category": 15, - "objective_number": "20.25", - "objective": "Verify that sensitive traces are not exposed to outer layers of the printed circuit board.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:38:10.177Z", - "updated": "2021-06-30T03:38:10.177Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 169, - "fields": { - "category": 15, - "objective_number": "20.26", - "objective": "Verify that inter-chip communication is encrypted.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:38:22.674Z", - "updated": "2021-06-30T03:38:22.674Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 170, - "fields": { - "category": 15, - "objective_number": "20.27", - 
"objective": "Verify the device uses code signing and validates code before execution.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:38:35.542Z", - "updated": "2021-06-30T03:38:35.542Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 171, - "fields": { - "category": 15, - "objective_number": "20.27", - "objective": "Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:38:53.380Z", - "updated": "2021-06-30T03:38:53.380Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 172, - "fields": { - "category": 15, - "objective_number": "20.29", - "objective": "Verify that the firmware apps utilize kernel containers for isolation between apps.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:39:11.285Z", - "updated": "2021-06-30T03:39:11.285Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 173, - "fields": { - "category": 14, - "objective_number": "19.1", - "objective": "Verify that all components are up to date with proper security configuration(s) and version(s). 
This should include removal of unneeded configurations and folders such as sample applications, platform documentation, and default or example users.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:46:31.397Z", - "updated": "2021-06-30T03:46:31.397Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 174, - "fields": { - "category": 14, - "objective_number": "19.2", - "objective": "Verify that communications between components, such as between the application server and the database server, are encrypted, particularly when the components are in different containers or on different systems.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:46:49.459Z", - "updated": "2021-06-30T03:46:49.459Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 175, - "fields": { - "category": 14, - "objective_number": "19.3", - "objective": "Verify that communications between components, such as between the application server and the database server, is authenticated using an account with the least necessary privileges.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:47:06.199Z", - "updated": "2021-06-30T03:47:06.199Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 176, - "fields": { - "category": 14, - "objective_number": "19.4", - "objective": "Verify application deployments are adequately sandboxed, containerized or isolated to delay and deter attackers from attacking other applications.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:47:28.491Z", - "updated": "2021-06-30T03:47:28.491Z", - "cwe_mapping": [], - 
"testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 177, - "fields": { - "category": 14, - "objective_number": "19.5", - "objective": "Verify that the application build and deployment processes are performed in a secure and repeatable method, such as CI / CD automation and automated configuration management.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:49:11.230Z", - "updated": "2021-06-30T03:49:11.230Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 178, - "fields": { - "category": 14, - "objective_number": "19.6", - "objective": "Verify that authorised administrators have the capability to verify the integrity of all security-relevant configurations to detect tampering.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:49:30.929Z", - "updated": "2021-06-30T03:49:30.929Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 179, - "fields": { - "category": 14, - "objective_number": "19.7", - "objective": "Verify that all application components are signed.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:49:47.862Z", - "updated": "2021-06-30T03:49:47.863Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 180, - "fields": { - "category": 14, - "objective_number": "19.8", - "objective": "Verify that third party components come from trusted repositories.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:50:05.648Z", - "updated": "2021-06-30T03:50:05.648Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 181, - 
"fields": { - "category": 14, - "objective_number": "19.9", - "objective": "Verify that build processes for system level languages have all security flags enabled, such as ASLR, DEP, and security checks.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:50:24.752Z", - "updated": "2021-06-30T03:50:24.752Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 182, - "fields": { - "category": 14, - "objective_number": "19.10", - "objective": "Verify that all application assets are hosted by the application, such as JavaScript libraries, CSS stylesheets and web fonts are hosted by the application rather than rely on a CDN or external provider.", - "references": "", - "level_1": false, - "level_2": false, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:50:41.104Z", - "updated": "2021-06-30T03:50:41.104Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 183, - "fields": { - "category": 14, - "objective_number": "19.11", - "objective": "Verify that all application components, services, and servers each use their own low privilege service account, that is not shared between applications nor used by administrators.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:50:57.938Z", - "updated": "2021-06-30T03:50:57.938Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 184, - "fields": { - "category": 13, - "objective_number": "18.1", - "objective": "Verify that the same encoding style is used between the client and the server.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:51:40.222Z", - "updated": "2021-06-30T03:51:40.222Z", - "cwe_mapping": [], - "testing_guide": [] - } 
-}, -{ - "model": "dojo.benchmark_requirement", - "pk": 185, - "fields": { - "category": 13, - "objective_number": "18.2", - "objective": "Verify that access to administration and management functions within the Web Service Application is limited to web service administrators.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:51:56.603Z", - "updated": "2021-06-30T03:51:56.603Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 186, - "fields": { - "category": 13, - "objective_number": "18.3", - "objective": "Verify that XML or JSON schema is in place and verified before accepting input.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:52:19.697Z", - "updated": "2021-06-30T03:52:19.697Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 187, - "fields": { - "category": 13, - "objective_number": "18.4", - "objective": "Verify that all input is limited to an appropriate size limit.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:52:36.709Z", - "updated": "2021-06-30T03:52:36.710Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 188, - "fields": { - "category": 13, - "objective_number": "18.5", - "objective": "Verify that SOAP based web services are compliant with Web Services-Interoperability (WS-I) Basic Profile at minimum. 
This essentially means TLS encryption.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:52:55.113Z", - "updated": "2021-06-30T03:52:55.113Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 189, - "fields": { - "category": 13, - "objective_number": "18.7", - "objective": "Verify that the REST service is protected from Cross-Site Request Forgery via the use of at least one or more of the following: double submit cookie pattern, CSRF nonces, ORIGIN request header checks, and referrer request header checks.", - "references": "", - "level_1": true, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:53:15.663Z", - "updated": "2021-06-30T03:53:15.663Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 190, - "fields": { - "category": 13, - "objective_number": "18.8", - "objective": "Verify the REST service explicitly check the incoming Content-Type to be the expected one, such as application/xml or application/json.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:53:34.549Z", - "updated": "2021-06-30T03:53:34.549Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 191, - "fields": { - "category": 13, - "objective_number": "18.9", - "objective": "Verify that the message payload is signed to ensure reliable transport between client and service, using JSON Web Signing or WS-Security for SOAP requests.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:53:54.736Z", - "updated": "2021-06-30T03:53:54.736Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_requirement", - "pk": 192, - "fields": { - "category": 13, - 
"objective_number": "18.10", - "objective": "Verify that alternative and less secure access paths do not exist.", - "references": "", - "level_1": false, - "level_2": true, - "level_3": true, - "enabled": true, - "created": "2021-06-30T03:54:23.078Z", - "updated": "2021-06-30T03:54:23.078Z", - "cwe_mapping": [], - "testing_guide": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 1, - "fields": { - "product": 1, - "control": 144, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 2, - "fields": { - "product": 1, - "control": 145, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 3, - "fields": { - "product": 1, - "control": 146, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 4, - "fields": { - "product": 1, - "control": 147, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 5, - "fields": { - "product": 1, - "control": 148, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 6, - "fields": { - "product": 1, - "control": 149, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 7, - "fields": { - "product": 1, - "control": 150, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - 
"updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 8, - "fields": { - "product": 1, - "control": 151, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 9, - "fields": { - "product": 1, - "control": 152, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.234Z", - "updated": "2021-11-04T08:22:00.234Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 10, - "fields": { - "product": 1, - "control": 153, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 11, - "fields": { - "product": 1, - "control": 154, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 12, - "fields": { - "product": 1, - "control": 155, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 13, - "fields": { - "product": 1, - "control": 156, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 14, - "fields": { - "product": 1, - "control": 157, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 15, - "fields": { - "product": 1, - "control": 158, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - 
"notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 16, - "fields": { - "product": 1, - "control": 159, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 17, - "fields": { - "product": 1, - "control": 160, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 18, - "fields": { - "product": 1, - "control": 161, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 19, - "fields": { - "product": 1, - "control": 162, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 20, - "fields": { - "product": 1, - "control": 163, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 21, - "fields": { - "product": 1, - "control": 164, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 22, - "fields": { - "product": 1, - "control": 165, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 23, - "fields": { - "product": 1, - "control": 166, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": 
"dojo.benchmark_product", - "pk": 24, - "fields": { - "product": 1, - "control": 167, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 25, - "fields": { - "product": 1, - "control": 168, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 26, - "fields": { - "product": 1, - "control": 169, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 27, - "fields": { - "product": 1, - "control": 170, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 28, - "fields": { - "product": 1, - "control": 171, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 29, - "fields": { - "product": 1, - "control": 172, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 30, - "fields": { - "product": 1, - "control": 173, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.235Z", - "updated": "2021-11-04T08:22:00.235Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 31, - "fields": { - "product": 1, - "control": 174, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 32, - 
"fields": { - "product": 1, - "control": 175, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 33, - "fields": { - "product": 1, - "control": 176, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 34, - "fields": { - "product": 1, - "control": 177, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 35, - "fields": { - "product": 1, - "control": 178, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 36, - "fields": { - "product": 1, - "control": 179, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 37, - "fields": { - "product": 1, - "control": 180, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 38, - "fields": { - "product": 1, - "control": 181, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 39, - "fields": { - "product": 1, - "control": 182, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 40, - "fields": { - "product": 1, - 
"control": 183, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 41, - "fields": { - "product": 1, - "control": 184, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 42, - "fields": { - "product": 1, - "control": 185, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 43, - "fields": { - "product": 1, - "control": 186, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 44, - "fields": { - "product": 1, - "control": 187, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 45, - "fields": { - "product": 1, - "control": 188, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 46, - "fields": { - "product": 1, - "control": 189, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 47, - "fields": { - "product": 1, - "control": 190, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 48, - "fields": { - "product": 1, - "control": 191, - "pass_fail": false, - 
"enabled": true, - "created": "2021-11-04T08:22:00.236Z", - "updated": "2021-11-04T08:22:00.236Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 49, - "fields": { - "product": 1, - "control": 192, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 50, - "fields": { - "product": 1, - "control": 134, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 51, - "fields": { - "product": 1, - "control": 135, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 52, - "fields": { - "product": 1, - "control": 136, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 53, - "fields": { - "product": 1, - "control": 137, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 54, - "fields": { - "product": 1, - "control": 138, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 55, - "fields": { - "product": 1, - "control": 139, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 56, - "fields": { - "product": 1, - "control": 140, - "pass_fail": false, - "enabled": true, - "created": 
"2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 57, - "fields": { - "product": 1, - "control": 141, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 58, - "fields": { - "product": 1, - "control": 142, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 59, - "fields": { - "product": 1, - "control": 143, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 60, - "fields": { - "product": 1, - "control": 132, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 61, - "fields": { - "product": 1, - "control": 133, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 62, - "fields": { - "product": 1, - "control": 130, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 63, - "fields": { - "product": 1, - "control": 131, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 64, - "fields": { - "product": 1, - "control": 117, - "pass_fail": true, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": 
"2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 65, - "fields": { - "product": 1, - "control": 118, - "pass_fail": true, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 66, - "fields": { - "product": 1, - "control": 119, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 67, - "fields": { - "product": 1, - "control": 120, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 68, - "fields": { - "product": 1, - "control": 121, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 69, - "fields": { - "product": 1, - "control": 122, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.237Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 70, - "fields": { - "product": 1, - "control": 123, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.237Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 71, - "fields": { - "product": 1, - "control": 124, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 72, - "fields": { - "product": 1, - "control": 125, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": 
[] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 73, - "fields": { - "product": 1, - "control": 126, - "pass_fail": true, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 74, - "fields": { - "product": 1, - "control": 127, - "pass_fail": true, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 75, - "fields": { - "product": 1, - "control": 128, - "pass_fail": true, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 76, - "fields": { - "product": 1, - "control": 129, - "pass_fail": true, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 77, - "fields": { - "product": 1, - "control": 110, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 78, - "fields": { - "product": 1, - "control": 105, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 79, - "fields": { - "product": 1, - "control": 106, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 80, - "fields": { - "product": 1, - "control": 107, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": 
"dojo.benchmark_product", - "pk": 81, - "fields": { - "product": 1, - "control": 108, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 82, - "fields": { - "product": 1, - "control": 109, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 83, - "fields": { - "product": 1, - "control": 111, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 84, - "fields": { - "product": 1, - "control": 112, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 85, - "fields": { - "product": 1, - "control": 113, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 86, - "fields": { - "product": 1, - "control": 114, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 87, - "fields": { - "product": 1, - "control": 115, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 88, - "fields": { - "product": 1, - "control": 116, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 89, - 
"fields": { - "product": 1, - "control": 92, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.238Z", - "updated": "2021-11-04T08:22:00.238Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 90, - "fields": { - "product": 1, - "control": 93, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 91, - "fields": { - "product": 1, - "control": 94, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 92, - "fields": { - "product": 1, - "control": 95, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 93, - "fields": { - "product": 1, - "control": 96, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 94, - "fields": { - "product": 1, - "control": 97, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 95, - "fields": { - "product": 1, - "control": 98, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 96, - "fields": { - "product": 1, - "control": 99, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 97, - "fields": { - "product": 1, - "control": 100, - 
"pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 98, - "fields": { - "product": 1, - "control": 101, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 99, - "fields": { - "product": 1, - "control": 102, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 100, - "fields": { - "product": 1, - "control": 103, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 101, - "fields": { - "product": 1, - "control": 104, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 102, - "fields": { - "product": 1, - "control": 65, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 103, - "fields": { - "product": 1, - "control": 66, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 104, - "fields": { - "product": 1, - "control": 67, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 105, - "fields": { - "product": 1, - "control": 68, - "pass_fail": false, - "enabled": 
true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 106, - "fields": { - "product": 1, - "control": 69, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 107, - "fields": { - "product": 1, - "control": 70, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 108, - "fields": { - "product": 1, - "control": 71, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 109, - "fields": { - "product": 1, - "control": 72, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.239Z", - "updated": "2021-11-04T08:22:00.239Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 110, - "fields": { - "product": 1, - "control": 73, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 111, - "fields": { - "product": 1, - "control": 74, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 112, - "fields": { - "product": 1, - "control": 75, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 113, - "fields": { - "product": 1, - "control": 76, - "pass_fail": false, - "enabled": true, - "created": 
"2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 114, - "fields": { - "product": 1, - "control": 77, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 115, - "fields": { - "product": 1, - "control": 78, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 116, - "fields": { - "product": 1, - "control": 79, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 117, - "fields": { - "product": 1, - "control": 80, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 118, - "fields": { - "product": 1, - "control": 81, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 119, - "fields": { - "product": 1, - "control": 82, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 120, - "fields": { - "product": 1, - "control": 83, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 121, - "fields": { - "product": 1, - "control": 84, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - 
"updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 122, - "fields": { - "product": 1, - "control": 53, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 123, - "fields": { - "product": 1, - "control": 54, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 124, - "fields": { - "product": 1, - "control": 55, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 125, - "fields": { - "product": 1, - "control": 56, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 126, - "fields": { - "product": 1, - "control": 57, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 127, - "fields": { - "product": 1, - "control": 58, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 128, - "fields": { - "product": 1, - "control": 59, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 129, - "fields": { - "product": 1, - "control": 60, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", 
- "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 130, - "fields": { - "product": 1, - "control": 61, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.240Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 131, - "fields": { - "product": 1, - "control": 62, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.240Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 132, - "fields": { - "product": 1, - "control": 63, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 133, - "fields": { - "product": 1, - "control": 64, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 134, - "fields": { - "product": 1, - "control": 42, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 135, - "fields": { - "product": 1, - "control": 43, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 136, - "fields": { - "product": 1, - "control": 44, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 137, - "fields": { - "product": 1, - "control": 45, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": 
"dojo.benchmark_product", - "pk": 138, - "fields": { - "product": 1, - "control": 46, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 139, - "fields": { - "product": 1, - "control": 47, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 140, - "fields": { - "product": 1, - "control": 48, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 141, - "fields": { - "product": 1, - "control": 49, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 142, - "fields": { - "product": 1, - "control": 50, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 143, - "fields": { - "product": 1, - "control": 51, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 144, - "fields": { - "product": 1, - "control": 52, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 145, - "fields": { - "product": 1, - "control": 5, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 146, - 
"fields": { - "product": 1, - "control": 6, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 147, - "fields": { - "product": 1, - "control": 7, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 148, - "fields": { - "product": 1, - "control": 8, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 149, - "fields": { - "product": 1, - "control": 9, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 150, - "fields": { - "product": 1, - "control": 11, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 151, - "fields": { - "product": 1, - "control": 12, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 152, - "fields": { - "product": 1, - "control": 13, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.241Z", - "updated": "2021-11-04T08:22:00.241Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 153, - "fields": { - "product": 1, - "control": 14, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 154, - "fields": { - "product": 1, - "control": 
15, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 155, - "fields": { - "product": 1, - "control": 16, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 156, - "fields": { - "product": 1, - "control": 17, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 157, - "fields": { - "product": 1, - "control": 4, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 158, - "fields": { - "product": 1, - "control": 18, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 159, - "fields": { - "product": 1, - "control": 19, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 160, - "fields": { - "product": 1, - "control": 20, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 161, - "fields": { - "product": 1, - "control": 21, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 162, - "fields": { - "product": 1, - "control": 22, - "pass_fail": false, - "enabled": 
true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 163, - "fields": { - "product": 1, - "control": 23, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 164, - "fields": { - "product": 1, - "control": 24, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 165, - "fields": { - "product": 1, - "control": 25, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 166, - "fields": { - "product": 1, - "control": 26, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 167, - "fields": { - "product": 1, - "control": 27, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 168, - "fields": { - "product": 1, - "control": 28, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 169, - "fields": { - "product": 1, - "control": 29, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 170, - "fields": { - "product": 1, - "control": 30, - "pass_fail": false, - "enabled": true, - "created": 
"2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 171, - "fields": { - "product": 1, - "control": 31, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 172, - "fields": { - "product": 1, - "control": 32, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 173, - "fields": { - "product": 1, - "control": 33, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.242Z", - "updated": "2021-11-04T08:22:00.242Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 174, - "fields": { - "product": 1, - "control": 34, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 175, - "fields": { - "product": 1, - "control": 35, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 176, - "fields": { - "product": 1, - "control": 36, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 177, - "fields": { - "product": 1, - "control": 37, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 178, - "fields": { - "product": 1, - "control": 38, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - 
"updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 179, - "fields": { - "product": 1, - "control": 39, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 180, - "fields": { - "product": 1, - "control": 40, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 181, - "fields": { - "product": 1, - "control": 41, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 182, - "fields": { - "product": 1, - "control": 1, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 183, - "fields": { - "product": 1, - "control": 2, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 184, - "fields": { - "product": 1, - "control": 3, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 185, - "fields": { - "product": 1, - "control": 85, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 186, - "fields": { - "product": 1, - "control": 86, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - 
"notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 187, - "fields": { - "product": 1, - "control": 87, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 188, - "fields": { - "product": 1, - "control": 88, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 189, - "fields": { - "product": 1, - "control": 89, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 190, - "fields": { - "product": 1, - "control": 90, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product", - "pk": 191, - "fields": { - "product": 1, - "control": 91, - "pass_fail": false, - "enabled": true, - "created": "2021-11-04T08:22:00.243Z", - "updated": "2021-11-04T08:22:00.243Z", - "notes": [] - } -}, -{ - "model": "dojo.benchmark_product_summary", - "pk": 1, - "fields": { - "product": 1, - "benchmark_type": 1, - "desired_level": "Level 1", - "current_level": "None", - "asvs_level_1_benchmark": 83, - "asvs_level_1_score": 6, - "asvs_level_2_benchmark": 73, - "asvs_level_2_score": 0, - "asvs_level_3_benchmark": 35, - "asvs_level_3_score": 0, - "publish": false, - "created": "2021-11-04T08:22:00.291Z", - "updated": "2021-11-04T08:22:00.291Z" - } -}, -{ - "model": "dojo.question", - "pk": 3, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:31:16Z", - "modified": "2018-06-17T19:31:16Z", - "order": 1, - "optional": false, - "text": "What kind of infrastructure will you be using (cloud servers, load balancers, dedicated 
hardware, etc)?" - } -}, -{ - "model": "dojo.question", - "pk": 4, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:31:30Z", - "modified": "2018-06-17T19:31:30Z", - "order": 1, - "optional": false, - "text": "Will there be a staging/pre-prod environment?" - } -}, -{ - "model": "dojo.question", - "pk": 5, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:31:45Z", - "modified": "2018-06-17T19:31:45Z", - "order": 1, - "optional": false, - "text": "How many servers/regions will be used for production?" - } -}, -{ - "model": "dojo.question", - "pk": 6, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:52:57Z", - "modified": "2018-06-17T19:52:57Z", - "order": 1, - "optional": false, - "text": "What kind of OS and other software will these servers run?" - } -}, -{ - "model": "dojo.question", - "pk": 7, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:53:37Z", - "modified": "2018-06-17T19:53:37Z", - "order": 1, - "optional": false, - "text": "Where does the product live? (Public cloud, private cloud, dedicated, etc.)" - } -}, -{ - "model": "dojo.question", - "pk": 8, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:54:20Z", - "modified": "2018-06-17T19:54:20Z", - "order": 1, - "optional": false, - "text": "If public cloud, are regions and environments separated into different accounts? Who manages the accounts?" - } -}, -{ - "model": "dojo.question", - "pk": 9, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:54:34Z", - "modified": "2018-06-17T19:54:34Z", - "order": 1, - "optional": false, - "text": "How will your servers talk to one another, if at all?" - } -}, -{ - "model": "dojo.question", - "pk": 10, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:54:48Z", - "modified": "2018-06-17T19:54:48Z", - "order": 1, - "optional": false, - "text": "How will you manage this infrastructure?" 
- } -}, -{ - "model": "dojo.question", - "pk": 11, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:55:00Z", - "modified": "2018-06-17T19:55:00Z", - "order": 1, - "optional": false, - "text": "What is your patching schedule?" - } -}, -{ - "model": "dojo.question", - "pk": 12, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:55:20Z", - "modified": "2018-06-17T19:55:20Z", - "order": 1, - "optional": false, - "text": "How will admin users (e.g., Ops) authenticate to the servers (LDAP based login, SSH Keys, local access)?" - } -}, -{ - "model": "dojo.question", - "pk": 13, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:56:24Z", - "modified": "2018-06-17T19:56:24Z", - "order": 1, - "optional": false, - "text": "What components do you have as part of your product (Web UI, REST API, command line app, mobile app, etc.)?" - } -}, -{ - "model": "dojo.question", - "pk": 14, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:57:22Z", - "modified": "2018-06-17T19:57:22Z", - "order": 1, - "optional": false, - "text": "What access control limitations are in place?" - } -}, -{ - "model": "dojo.question", - "pk": 15, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:57:34Z", - "modified": "2018-06-17T19:57:34Z", - "order": 1, - "optional": false, - "text": "How is access control enforced? (IP whitelists, role-based access controls, etc.)" - } -}, -{ - "model": "dojo.question", - "pk": 16, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:57:55Z", - "modified": "2018-06-17T19:57:55Z", - "order": 1, - "optional": false, - "text": "What Identity roles (if any) are utilized by the app and how many people are estimated to be inside those groups?" 
- } -}, -{ - "model": "dojo.question", - "pk": 17, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T19:58:36Z", - "modified": "2018-06-17T19:58:36Z", - "order": 1, - "optional": false, - "text": "What is the criteria for being added to these groups? Are they audited and auto-purged?" - } -}, -{ - "model": "dojo.question", - "pk": 18, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:00:35Z", - "modified": "2018-06-17T20:00:35Z", - "order": 1, - "optional": false, - "text": "Are you logging all sensitive user actions, such as user registration, permission modification, login attempts, admin functions, etc.?" - } -}, -{ - "model": "dojo.question", - "pk": 19, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:00:46Z", - "modified": "2018-06-17T20:00:46Z", - "order": 1, - "optional": false, - "text": "What identifying information are you logging?" - } -}, -{ - "model": "dojo.question", - "pk": 20, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:00:58Z", - "modified": "2018-06-17T20:00:58Z", - "order": 1, - "optional": false, - "text": "Where are these logs stored?" - } -}, -{ - "model": "dojo.question", - "pk": 21, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:02:18Z", - "modified": "2018-06-17T20:02:18Z", - "order": 1, - "optional": false, - "text": "How does an end user interact with the product? Do they visit it in their browser, use a proxy or a special CLI tool, log in through a terminal server, etc?" - } -}, -{ - "model": "dojo.question", - "pk": 22, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:02:32Z", - "modified": "2018-06-17T20:02:32Z", - "order": 1, - "optional": false, - "text": "How public-facing is this product? 
(customer tool, open source project, etc.)" - } -}, -{ - "model": "dojo.question", - "pk": 23, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:02:46Z", - "modified": "2018-06-17T20:02:46Z", - "order": 1, - "optional": false, - "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -> private cloud, public internet -> public cloud, etc." - } -}, -{ - "model": "dojo.question", - "pk": 24, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:02:57Z", - "modified": "2018-06-17T20:02:57Z", - "order": 1, - "optional": false, - "text": "What services/products does your product consume? What services/products consume it?" - } -}, -{ - "model": "dojo.question", - "pk": 25, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:04:46Z", - "modified": "2018-06-17T20:04:46Z", - "order": 1, - "optional": false, - "text": "What customer or corporate information does your product consume?" - } -}, -{ - "model": "dojo.question", - "pk": 26, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:05:10Z", - "modified": "2018-06-17T20:05:10Z", - "order": 1, - "optional": false, - "text": "What information does the product store?" - } -}, -{ - "model": "dojo.question", - "pk": 27, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:05:22Z", - "modified": "2018-06-17T20:05:22Z", - "order": 1, - "optional": false, - "text": "Where, how, and for how long is it stored?" - } -}, -{ - "model": "dojo.question", - "pk": 28, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:05:32Z", - "modified": "2018-06-17T20:05:32Z", - "order": 1, - "optional": false, - "text": "Is encryption / hashing used where appropriate?" 
- } -}, -{ - "model": "dojo.question", - "pk": 29, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:05:43Z", - "modified": "2018-06-17T20:05:43Z", - "order": 1, - "optional": false, - "text": "Are you rolling your own identification system? If so, have you considered integrating with SSO instead?" - } -}, -{ - "model": "dojo.question", - "pk": 30, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:05:57Z", - "modified": "2018-06-17T20:05:57Z", - "order": 1, - "optional": false, - "text": "What information does the product send to the user?" - } -}, -{ - "model": "dojo.question", - "pk": 31, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:06:15Z", - "modified": "2018-06-17T20:06:15Z", - "order": 1, - "optional": false, - "text": "If you're managing passwords or keys across multiple servers/endpoints, where and how is that information stored?" - } -}, -{ - "model": "dojo.question", - "pk": 32, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:08:08Z", - "modified": "2018-06-17T20:08:08Z", - "order": 1, - "optional": false, - "text": "What third party tools and libraries are you using? Please provide a package dump as well (apt, pip, bower, etc.)" - } -}, -{ - "model": "dojo.question", - "pk": 33, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:08:19Z", - "modified": "2018-06-17T20:08:19Z", - "order": 1, - "optional": false, - "text": "What ports should be open on each node, and what services do they expose?" - } -}, -{ - "model": "dojo.question", - "pk": 34, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:08:30Z", - "modified": "2018-06-17T20:08:30Z", - "order": 1, - "optional": false, - "text": "What service accounts are you utilizing, and what roles do they have?" 
- } -}, -{ - "model": "dojo.question", - "pk": 35, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:08:43Z", - "modified": "2018-06-17T20:08:43Z", - "order": 1, - "optional": false, - "text": "What DNS entries do you have set up? (Most importantly, public-facing systems)" - } -}, -{ - "model": "dojo.question", - "pk": 36, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:08:54Z", - "modified": "2018-06-17T20:08:54Z", - "order": 1, - "optional": false, - "text": "What type of monitoring are you doing? (IDS, cloud monitoring, custom log parsing script, etc.)" - } -}, -{ - "model": "dojo.question", - "pk": 37, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:10:15Z", - "modified": "2018-06-17T20:10:15Z", - "order": 1, - "optional": false, - "text": "List the IPs for all infrastructure utilized for the environment in question." - } -}, -{ - "model": "dojo.question", - "pk": 38, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:10:30Z", - "modified": "2018-06-17T20:10:30Z", - "order": 1, - "optional": false, - "text": "List of endpoints and documentation for any APIs created by your product." 
- } -}, -{ - "model": "dojo.question", - "pk": 39, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:10:42Z", - "modified": "2018-06-17T20:10:42Z", - "order": 1, - "optional": false, - "text": "Locations of any web UIs or other important URLs" - } -}, -{ - "model": "dojo.question", - "pk": 40, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:10:52Z", - "modified": "2018-06-17T20:10:52Z", - "order": 1, - "optional": false, - "text": "List of any service accounts or other access requests relevant to your product" - } -}, -{ - "model": "dojo.question", - "pk": 41, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:11:04Z", - "modified": "2018-06-17T20:11:04Z", - "order": 1, - "optional": false, - "text": "The contact information of QE who are testing the products." - } -}, -{ - "model": "dojo.question", - "pk": 42, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:11:17Z", - "modified": "2018-06-17T20:11:17Z", - "order": 1, - "optional": false, - "text": "The list of people that should be notified for our security testing." - } -}, -{ - "model": "dojo.question", - "pk": 43, - "fields": { - "polymorphic_ctype": 97, - "created": "2018-06-17T20:11:30Z", - "modified": "2018-06-17T20:11:30Z", - "order": 1, - "optional": false, - "text": "Any security testing that we should not run, and/or times when you would prefer we not test." 
- } -}, -{ - "model": "dojo.textquestion", - "pk": 3, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 4, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 5, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 6, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 7, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 8, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 9, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 10, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 11, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 12, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 13, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 14, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 15, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 16, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 17, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 18, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 19, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 20, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 21, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 22, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 23, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 24, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 25, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 26, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 27, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 28, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 29, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 30, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 31, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 32, - "fields": {} -}, -{ - "model": 
"dojo.textquestion", - "pk": 33, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 34, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 35, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 36, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 37, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 38, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 39, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 40, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 41, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 42, - "fields": {} -}, -{ - "model": "dojo.textquestion", - "pk": 43, - "fields": {} -}, -{ - "model": "dojo.engagement_survey", - "pk": 2, - "fields": { - "name": "Infrastructure", - "description": "Questions regarding the products physical infrastructure.", - "active": true, - "questions": [ - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12 - ] - } -}, -{ - "model": "dojo.engagement_survey", - "pk": 3, - "fields": { - "name": "Testing Preparation", - "description": "Tell us about the specific components that make up your application.", - "active": true, - "questions": [ - 13, - 37, - 38, - 39, - 40, - 41, - 42, - 43 - ] - } -}, -{ - "model": "dojo.engagement_survey", - "pk": 4, - "fields": { - "name": "Access Control", - "description": "Tell us about the access control configured for your application.", - "active": true, - "questions": [ - 14, - 15, - 16, - 17, - 18, - 19, - 20 - ] - } -}, -{ - "model": "dojo.engagement_survey", - "pk": 5, - "fields": { - "name": "Information Flow / Dependency Modeling", - "description": "Tell us how is your application used.", - "active": true, - "questions": [ - 21, - 22, - 23, - 24 - ] - } -}, -{ - "model": "dojo.engagement_survey", - "pk": 6, - "fields": { - "name": "Information Management", - "description": "Tell us what kind of data you are storing/managing.", - "active": true, - "questions": [ - 25, - 26, - 
27, - 28, - 29, - 30, - 31 - ] - } -}, -{ - "model": "dojo.engagement_survey", - "pk": 7, - "fields": { - "name": "Inventory", - "description": "Give us detail about your application.", - "active": true, - "questions": [ - 32, - 33, - 34, - 35, - 36 - ] - } -}, -{ - "model": "watson.searchentry", - "pk": 1, - "fields": { - "engine_slug": "default", - "content_type": 24, - "object_id": "1", - "object_id_int": 1, - "title": "Python How-to", - "description": "", - "content": "Python How-to test product 0 0 0", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 2, - "fields": { - "engine_slug": "default", - "content_type": 24, - "object_id": "2", - "object_id_int": 2, - "title": "Security How-to", - "description": "", - "content": "Security How-to test product 0 0 0", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 3, - "fields": { - "engine_slug": "default", - "content_type": 24, - "object_id": "3", - "object_id_int": 3, - "title": "Security Podcast", - "description": "", - "content": "Security Podcast test product 0 0 0", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 4, - "fields": { - "engine_slug": "default", - "content_type": 85, - "object_id": "3", - "object_id_int": 3, - "title": "Web Scan (Feb 18, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 5, - "fields": { - "engine_slug": "default", - "content_type": 85, - "object_id": "13", - "object_id_int": 13, - "title": "Web Scan (Mar 21, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 6, - "fields": { - "engine_slug": "default", - "content_type": 85, - "object_id": "14", - "object_id_int": 14, - "title": "Web Scan (Feb 18, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": 
"watson.searchentry", - "pk": 7, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "2", - "object_id_int": 2, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 8, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "3", - "object_id_int": 3, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 9, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "4", - "object_id_int": 4, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 10, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "5", - "object_id_int": 5, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 11, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "6", - "object_id_int": 6, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test 
finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 12, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "14", - "object_id_int": 14, - "title": "API Test (Feb 18, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 13, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "2", - "object_id_int": 2, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S4 None None None None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 14, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "3", - "object_id_int": 3, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 15, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "4", - "object_id_int": 4, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 16, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "5", - "object_id_int": 5, - "title": "High Impact test finding", - "description": "", 
- "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 17, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "6", - "object_id_int": 6, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 18, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "7", - "object_id_int": 7, - "title": "DUMMY FINDING", - "description": "", - "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH None None S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 19, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "1", - "object_id_int": 1, - "title": "XSS template", - "description": "", - "content": "XSS template HIGH XSS test template None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 20, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "2", - "object_id_int": 2, - "title": "High Impact Test Finding", - "description": "", - "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 None None None None None None None None None None 2 None None Internal CRM App ", - "url": "/finding/2", - "meta_encoded": "{\"status\": \"Inactive, Verified\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 21, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "3", - "object_id_int": 3, - "title": "High Impact Test Finding", - "description": "", - "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 3 None None Internal CRM App ", - "url": "/finding/3", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 22, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "8", - "object_id_int": 8, - "title": "http://localhost:8888//bodgeit/", - "description": "", - "content": "http None localhost /bodgeit/ None None", - "url": "/endpoint/8", - "meta_encoded": "{\"product__name\": \"BodgeIt\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 23, - "fields": { - "engine_slug": "default", - "content_type": 24, - "object_id": "1", - "object_id_int": 1, - "title": "Python How-to", - "description": "", - "content": "Python How-to test product 0 0 0", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 24, - "fields": { - "engine_slug": "default", - "content_type": 24, - "object_id": "2", - "object_id_int": 2, - "title": "Security How-to", - "description": "", - "content": "Security How-to test product 0 0 0", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 25, - "fields": { - "engine_slug": "default", - "content_type": 24, - "object_id": 
"3", - "object_id_int": 3, - "title": "Security Podcast", - "description": "", - "content": "Security Podcast test product 0 0 0", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 26, - "fields": { - "engine_slug": "default", - "content_type": 85, - "object_id": "3", - "object_id_int": 3, - "title": "Web Scan (Feb 18, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 27, - "fields": { - "engine_slug": "default", - "content_type": 85, - "object_id": "13", - "object_id_int": 13, - "title": "Web Scan (Mar 21, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 28, - "fields": { - "engine_slug": "default", - "content_type": 85, - "object_id": "14", - "object_id_int": 14, - "title": "Web Scan (Feb 18, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 29, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "2", - "object_id_int": 2, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 30, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "3", - "object_id_int": 3, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 31, - "fields": { - "engine_slug": "default", - "content_type": 60, - 
"object_id": "4", - "object_id_int": 4, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 32, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "5", - "object_id_int": 5, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 33, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "6", - "object_id_int": 6, - "title": "High Impact test finding", - "description": "", - "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 34, - "fields": { - "engine_slug": "default", - "content_type": 60, - "object_id": "7", - "object_id_int": 7, - "title": "DUMMY FINDING", - "description": "", - "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 35, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "2", - "object_id_int": 2, - "title": "Engagement: April Monthly Engagement (Jun 30, 2021)", - "description": "", - "content": "April Monthly Engagement Requested by the team for regular manual checkup by the security team. 
None None None Completed threat_model none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 36, - "fields": { - "engine_slug": "default", - "content_type": 28, - "object_id": "1", - "object_id_int": 1, - "title": "BodgeIt", - "description": "", - "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up Tester Jester Bob Buster Peter Scramble high web production internal", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 37, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "4", - "object_id_int": 4, - "title": "Engagement: Static Scan (Nov 03, 2021)", - "description": "", - "content": "Static Scan Initial static scan for Bodgeit. 
v.1.2.0 None None Completed other none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 38, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "15", - "object_id_int": 15, - "title": "Checkmarx Scan (Nov 03, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 39, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "8", - "object_id_int": 8, - "title": "SQL Injection (register.jsp)", - "description": "", - "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source 
Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 40, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "9", - "object_id_int": 9, - "title": "Download of Code Without Integrity Check (login.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 41, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "10", - "object_id_int": 10, - "title": "Missing X Frame Options (web.xml)", - "description": "", - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - 
"pk": 42, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "11", - "object_id_int": 11, - "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "description": "", - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 43, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "12", - "object_id_int": 12, - "title": "Improper Resource Shutdown or Release (home.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE 
Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 44, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "13", - "object_id_int": 13, - "title": "Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - 
"model": "watson.searchentry", - "pk": 45, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "14", - "object_id_int": 14, - "title": "HttpOnlyCookies (register.jsp)", - "description": "", - "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 46, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "15", - "object_id_int": 15, - "title": "CGI Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 47, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "16", - "object_id_int": 16, - "title": "Hardcoded password in Connection String (product.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 48, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "17", - "object_id_int": 17, - "title": "Client Insecure Randomness (encryption.js)", - "description": "", - "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", - "url": "", - "meta_encoded": "{}" - } -}, -{ - 
"model": "watson.searchentry", - "pk": 49, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "18", - "object_id_int": 18, - "title": "SQL Injection (password.jsp)", - "description": "", - "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 50, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "19", - "object_id_int": 19, - "title": "Stored XSS (basket.jsp)", - "description": "", - "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 51, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "20", - 
"object_id_int": 20, - "title": "CGI Stored XSS (home.jsp)", - "description": "", - "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = 
rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 52, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "21", - "object_id_int": 21, - "title": "Not Using a Random IV with CBC Mode (AES.java)", - "description": "", - "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 53, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "22", - "object_id_int": 22, - "title": "Collapse of Data into Unsafe Value (contact.jsp)", - "description": "", - "content": "Collapse of Data into Unsafe 
Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 54, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "23", - "object_id_int": 23, - "title": "Stored Boundary Violation (login.jsp)", - "description": "", - "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** 
session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 55, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "24", - "object_id_int": 24, - "title": "Hardcoded password in Connection String (home.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", - "url": "", - 
"meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 56, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "25", - "object_id_int": 25, - "title": "Blind SQL Injections (password.jsp)", - "description": "", - "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 57, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "26", - "object_id_int": 26, - "title": "Heap Inspection (password.jsp)", - "description": "", - "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 58, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "27", - "object_id_int": 27, - "title": "Use of Cryptographically Weak PRNG (home.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 59, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "28", - "object_id_int": 28, - "title": "Trust Boundary Violation (login.jsp)", - "description": "", - "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + 
password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 60, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "29", - "object_id_int": 29, - "title": "Information Exposure Through an Error Message (admin.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 61, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "30", - "object_id_int": 30, - "title": "Reliance on Cookies in a Decision (basket.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** 
cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 62, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "31", - "object_id_int": 31, - 
"title": "Empty Password In Connection String (product.jsp)", - "description": "", - "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 63, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "32", - "object_id_int": 32, - "title": "Improper Resource Access Authorization (password.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a 
/root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 64, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "33", - "object_id_int": 33, - "title": "Client Cross Frame Scripting Attack (advanced.jsp)", - "description": "", - "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 65, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "34", - "object_id_int": 34, - "title": "Hardcoded password in Connection String (password.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 66, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "35", - "object_id_int": 35, - "title": "HttpOnlyCookies In Config (web.xml)", - "description": "", - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", - "url": "", - "meta_encoded": 
"{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 67, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "36", - "object_id_int": 36, - "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "description": "", - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 68, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "37", - "object_id_int": 37, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", 
\"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 69, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "38", - "object_id_int": 38, - "title": "CGI Reflected XSS All Clients (login.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 70, - "fields": { - "engine_slug": "default", - "content_type": 
54, - "object_id": "39", - "object_id_int": 39, - "title": "Suspected XSS (password.jsp)", - "description": "", - "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** 
username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 71, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "40", - "object_id_int": 40, - "title": "Hardcoded password in Connection String (contact.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 72, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "41", - 
"object_id_int": 41, - "title": "Hardcoded password in Connection String (dbconnection.jspf)", - "description": "", - "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 73, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "42", - "object_id_int": 42, - "title": "Empty Password In Connection String (register.jsp)", - "description": "", - "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 74, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "43", - "object_id_int": 43, - "title": "Download of Code Without Integrity Check (home.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** 
forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 75, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "44", - "object_id_int": 44, - "title": "Information Exposure Through an Error Message (home.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 
41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 76, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "45", - "object_id_int": 45, - "title": "SQL Injection (login.jsp)", - "description": "", - "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 77, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "46", - "object_id_int": 46, - "title": "Empty Password In Connection String (advanced.jsp)", - "description": "", - "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 78, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "47", - "object_id_int": 47, - "title": "CGI Stored XSS (score.jsp)", - "description": "", - "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 
353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 79, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "48", - "object_id_int": 48, - "title": "Plaintext Storage in a Cookie (basket.jsp)", - "description": "", - "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A 
None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 80, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "49", - "object_id_int": 49, - "title": "Information Exposure Through an Error Message (contact.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 81, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "50", - "object_id_int": 50, - "title": "Hardcoded password in Connection String (basket.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 82, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "51", - "object_id_int": 51, - "title": "Stored XSS 
(admin.jsp)", - "description": "", - "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 
None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 83, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "52", - "object_id_int": 52, - "title": "Download of Code Without Integrity Check (admin.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 84, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "53", - "object_id_int": 53, - "title": "Empty Password In Connection String (init.jsp)", - "description": "", - "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 85, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "54", - "object_id_int": 54, - "title": "Heap Inspection (login.jsp)", - "description": "", - "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 86, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "55", - "object_id_int": 55, - "title": "Download of Code Without Integrity Check (product.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 87, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "56", - "object_id_int": 56, - "title": "Session Fixation (AdvancedSearch.java)", - "description": "", - "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 88, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "57", - "object_id_int": 57, - "title": "Stored XSS (search.jsp)", - "description": "", - "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 89, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "58", - "object_id_int": 58, - "title": "Empty Password In Connection String (dbconnection.jspf)", - "description": "", - "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 90, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "59", - "object_id_int": 59, - "title": "Hardcoded password in Connection String (init.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 91, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "60", - "object_id_int": 60, - "title": "Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 
19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 92, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "61", - "object_id_int": 61, - "title": "HttpOnlyCookies (basket.jsp)", - "description": "", - "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 93, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "62", - "object_id_int": 62, - "title": "Download of Code Without Integrity Check (register.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 94, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "63", - "object_id_int": 63, - "title": "Stored XSS (home.jsp)", - "description": "", - "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 
25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 95, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "64", - "object_id_int": 64, - "title": "Empty Password In Connection String (home.jsp)", - "description": "", - "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 96, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "65", - "object_id_int": 65, - "title": "Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + 
basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 97, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "66", - "object_id_int": 66, - "title": "Improper Resource Access Authorization (product.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 98, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "67", - "object_id_int": 67, - "title": "Download of Code Without Integrity Check (password.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 99, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "68", - "object_id_int": 68, - "title": "Download of Code Without Integrity Check (score.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 100, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "69", - "object_id_int": 69, - "title": 
"Improper Resource Access Authorization (basket.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 101, - "fields": { - "engine_slug": "default", - 
"content_type": 54, - "object_id": "70", - "object_id_int": 70, - "title": "Race Condition Format Flaw (basket.jsp)", - "description": "", - "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 102, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "71", - "object_id_int": 71, - "title": "Empty Password In Connection String (header.jsp)", - "description": "", - "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 103, - "fields": { - 
"engine_slug": "default", - "content_type": 54, - "object_id": "72", - "object_id_int": 72, - "title": "Improper Resource Access Authorization (FunctionalZAP.java)", - "description": "", - "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 104, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "73", - "object_id_int": 73, - "title": "Suspected XSS (contact.jsp)", - "description": "", - "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 105, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "74", - "object_id_int": 74, - "title": "Use of Cryptographically Weak PRNG (init.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - 
"model": "watson.searchentry", - "pk": 106, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "75", - "object_id_int": 75, - "title": "CGI Stored XSS (product.jsp)", - "description": "", - "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** 
rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 107, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "76", - "object_id_int": 76, - "title": "Improper Resource Shutdown or Release (init.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** 
c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 
1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** 
c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 108, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "77", - "object_id_int": 77, - "title": "Download of Code Without Integrity Check (header.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None 
S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 109, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "78", - "object_id_int": 78, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 
53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 110, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "79", - "object_id_int": 79, - "title": "Blind SQL Injections (login.jsp)", - "description": "", - "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 
15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 111, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "80", - "object_id_int": 80, - "title": "Client DOM Open Redirect (advanced.jsp)", - "description": "", - "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 112, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "81", - "object_id_int": 81, - "title": "Hardcoded password in Connection String (search.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic 
storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 113, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "82", - "object_id_int": 82, - "title": "CGI Stored XSS (basket.jsp)", - "description": "", - "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 
257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 114, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "83", - "object_id_int": 83, - "title": "Use of Insufficiently Random Values (init.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 115, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "84", - "object_id_int": 84, - "title": "Missing X Frame Options (web.xml)", - "description": "", - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 
5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 116, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "85", - "object_id_int": 85, - "title": "Reflected XSS All Clients (search.jsp)", - "description": "", - "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 117, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "86", - "object_id_int": 86, - "title": "Sensitive Cookie in HTTPS Session 
Without Secure Attribute (basket.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 118, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "87", - "object_id_int": 87, - "title": "Information Exposure Through an Error Message (score.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 119, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "88", - "object_id_int": 88, - "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "description": "", - "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 120, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "89", - "object_id_int": 89, - "title": "Reliance on Cookies in a Decision (register.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 
84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 121, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "90", - "object_id_int": 90, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source 
Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 122, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "91", - "object_id_int": 91, - "title": "CGI Stored XSS (admin.jsp)", - "description": "", - "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source 
Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 123, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "92", - "object_id_int": 92, - "title": "Heap Inspection (register.jsp)", - "description": "", - "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 
124, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "93", - "object_id_int": 93, - "title": "Improper Resource Shutdown or Release (search.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 125, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "94", - "object_id_int": 94, - "title": "Information Exposure Through an Error 
Message (register.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 126, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "95", - "object_id_int": 95, - "title": "Improper Resource Access Authorization (init.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 127, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "96", - "object_id_int": 96, - "title": "CGI Stored XSS (header.jsp)", - "description": "", - "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND 
password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 128, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "97", - "object_id_int": 97, - "title": "Blind SQL Injections (basket.jsp)", - "description": "", - "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 129, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "98", - "object_id_int": 98, - "title": "HttpOnlyCookies In Config (web.xml)", - "description": "", - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 130, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "99", - "object_id_int": 99, - "title": "Use of Hard coded Cryptographic Key (AES.java)", - "description": "", - "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 131, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "100", - "object_id_int": 100, - "title": "Improper Resource Shutdown or Release (score.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 132, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "101", - "object_id_int": 101, - "title": "CGI Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 133, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "102", - "object_id_int": 102, - "title": "Stored XSS (score.jsp)", - "description": "", - "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 
353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 134, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "103", - "object_id_int": 103, - "title": "Information Exposure Through an Error Message (basket.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 135, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "104", - "object_id_int": 104, - "title": "Improper Resource Access Authorization (search.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 136, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "105", - "object_id_int": 105, - "title": "Improper Resource Access Authorization (home.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 137, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "106", - "object_id_int": 106, - "title": "Improper Resource Shutdown or Release (admin.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM 
BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 138, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "107", - "object_id_int": 107, - "title": "Information Exposure Through an Error Message (search.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: 
\" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 139, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "108", - "object_id_int": 108, - "title": "Blind SQL Injections (register.jsp)", - "description": "", - "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 
30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 140, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "109", - "object_id_int": 109, - "title": "Reliance on Cookies in a Decision (login.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source 
Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 141, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "110", - "object_id_int": 110, - "title": "Download of Code Without Integrity Check (search.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 142, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "111", - "object_id_int": 111, - "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "description": "", - "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 143, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "112", 
- "object_id_int": 112, - "title": "Empty Password In Connection String (search.jsp)", - "description": "", - "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 144, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "113", - "object_id_int": 113, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", 
userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 145, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "114", - "object_id_int": 114, - "title": "Improper 
Resource Access Authorization (score.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java 
Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 146, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "115", - "object_id_int": 115, - "title": "Session Fixation (logout.jsp)", - "description": "", - "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 147, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "116", - "object_id_int": 116, - "title": "Hardcoded password in Connection String (login.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 148, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "117", - "object_id_int": 117, - "title": "Hardcoded password in Connection String (advanced.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 
/root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 149, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "118", - "object_id_int": 118, - "title": "Improper Resource Access Authorization (login.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 
15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 150, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "119", - "object_id_int": 119, - "title": "Improper Resource Access Authorization (header.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 151, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "120", - "object_id_int": 120, - "title": "Empty Password In Connection String (score.jsp)", - "description": "", - "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 152, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "121", - "object_id_int": 121, - "title": "Improper Resource Shutdown or Release (password.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 153, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "122", - "object_id_int": 122, - "title": "Improper Resource Shutdown or Release (product.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** 
<%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 154, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "123", - "object_id_int": 123, - "title": "Empty Password In Connection String (login.jsp)", - "description": "", - "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 155, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "124", - "object_id_int": 124, - "title": "Information Exposure Through an Error Message (login.jsp)", - "description": "", - "content": 
"Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 156, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "125", - "object_id_int": 125, - "title": "Use of Insufficiently Random Values (contact.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": 
"watson.searchentry", - "pk": 157, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "126", - "object_id_int": 126, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 
158, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "127", - "object_id_int": 127, - "title": "HttpOnlyCookies (login.jsp)", - "description": "", - "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 159, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "128", - "object_id_int": 128, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 160, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "129", - "object_id_int": 129, - "title": "Information Exposure Through an Error Message (header.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 161, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "130", - "object_id_int": 
130, - "title": "Race Condition Format Flaw (product.jsp)", - "description": "", - "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 162, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "131", - "object_id_int": 131, - "title": "Stored XSS (product.jsp)", - "description": "", - "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = 
rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 163, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "132", - "object_id_int": 132, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + 
\"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 164, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "133", - "object_id_int": 133, - "title": "Heap Inspection (init.jsp)", - "description": "", - "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 165, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "134", - "object_id_int": 134, - "title": "CGI Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String 
comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 166, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "135", - "object_id_int": 135, - "title": "Empty Password In Connection String (contact.jsp)", - "description": "", - "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 167, - "fields": { - "engine_slug": "default", - "content_type": 54, - 
"object_id": "136", - "object_id_int": 136, - "title": "Information Exposure Through an Error Message (product.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 168, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "137", - "object_id_int": 137, - "title": "XSRF (password.jsp)", - "description": "", - "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 169, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "138", - "object_id_int": 138, - "title": "Download of Code Without Integrity Check (advanced.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - 
"pk": 170, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "139", - "object_id_int": 139, - "title": "Improper Resource Access Authorization (register.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - 
"pk": 171, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "16", - "object_id_int": 16, - "title": "Checkmarx Scan (Nov 03, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 172, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "140", - "object_id_int": 140, - "title": "SQL Injection (register.jsp)", - "description": "", - "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 
+ \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 173, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "141", - "object_id_int": 141, - "title": "Download of Code Without Integrity Check (login.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 174, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "142", - "object_id_int": 142, - "title": "Missing X Frame Options (web.xml)", - "description": "", - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 175, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "143", - "object_id_int": 143, - "title": "Information Exposure 
Through an Error Message (AdvancedSearch.java)", - "description": "", - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 176, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "144", - "object_id_int": 144, - "title": "Improper Resource Shutdown or Release (home.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * 
count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 177, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "145", - "object_id_int": 145, - "title": "Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 178, - 
"fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "146", - "object_id_int": 146, - "title": "HttpOnlyCookies (register.jsp)", - "description": "", - "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 179, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "147", - "object_id_int": 147, - "title": "CGI Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 180, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "148", - "object_id_int": 148, - "title": "Hardcoded password in Connection String (product.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 181, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "149", - "object_id_int": 149, - "title": "Client Insecure Randomness (encryption.js)", - "description": "", - "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", - "url": "", - "meta_encoded": "{}" - } -}, -{ 
- "model": "watson.searchentry", - "pk": 182, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "150", - "object_id_int": 150, - "title": "SQL Injection (password.jsp)", - "description": "", - "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 183, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "151", - "object_id_int": 151, - "title": "Stored XSS (basket.jsp)", - "description": "", - "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 184, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "152", - 
"object_id_int": 152, - "title": "CGI Stored XSS (home.jsp)", - "description": "", - "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = 
rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 185, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "153", - "object_id_int": 153, - "title": "Not Using a Random IV with CBC Mode (AES.java)", - "description": "", - "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 186, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "154", - "object_id_int": 154, - "title": "Collapse of Data into Unsafe Value (contact.jsp)", - "description": "", - "content": "Collapse of Data into 
Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 187, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "155", - "object_id_int": 155, - "title": "Stored Boundary Violation (login.jsp)", - "description": "", - "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** 
session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 188, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "156", - "object_id_int": 156, - "title": "Hardcoded password in Connection String (home.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", - "url": "", - 
"meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 189, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "157", - "object_id_int": 157, - "title": "Blind SQL Injections (password.jsp)", - "description": "", - "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 190, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "158", - "object_id_int": 158, - "title": "Heap Inspection (password.jsp)", - "description": "", - "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 191, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "159", - "object_id_int": 159, - "title": "Use of Cryptographically Weak PRNG (home.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 192, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "160", - "object_id_int": 160, - "title": "Trust Boundary Violation (login.jsp)", - "description": "", - "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + 
password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 193, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "161", - "object_id_int": 161, - "title": "Information Exposure Through an Error Message (admin.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 194, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "162", - "object_id_int": 162, - "title": "Reliance on Cookies in a Decision (basket.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source 
Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 195, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "163", - "object_id_int": 
163, - "title": "Empty Password In Connection String (product.jsp)", - "description": "", - "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 196, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "164", - "object_id_int": 164, - "title": "Improper Resource Access Authorization (password.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a 
/root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 197, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "165", - "object_id_int": 165, - "title": "Client Cross Frame Scripting Attack (advanced.jsp)", - "description": "", - "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 198, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "166", - "object_id_int": 166, - "title": "Hardcoded password in Connection String (password.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 199, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "167", - "object_id_int": 167, - "title": "HttpOnlyCookies In Config (web.xml)", - "description": "", - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", - 
"url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 200, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "168", - "object_id_int": 168, - "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "description": "", - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 201, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "169", - "object_id_int": 169, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", 
\"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 202, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "170", - "object_id_int": 170, - "title": "CGI Reflected XSS All Clients (login.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 203, - "fields": { - "engine_slug": "default", - 
"content_type": 54, - "object_id": "171", - "object_id_int": 171, - "title": "Suspected XSS (password.jsp)", - "description": "", - "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source 
Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 204, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "172", - "object_id_int": 172, - "title": "Hardcoded password in Connection String (contact.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 205, - "fields": { - "engine_slug": "default", - "content_type": 54, - 
"object_id": "173", - "object_id_int": 173, - "title": "Hardcoded password in Connection String (dbconnection.jspf)", - "description": "", - "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 206, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "174", - "object_id_int": 174, - "title": "Empty Password In Connection String (register.jsp)", - "description": "", - "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 207, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "175", - "object_id_int": 175, - "title": "Download of Code Without Integrity Check (home.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source 
Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 208, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "176", - "object_id_int": 176, - "title": "Information Exposure Through an Error Message (home.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 
41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 209, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "177", - "object_id_int": 177, - "title": "SQL Injection (login.jsp)", - "description": "", - "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 210, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "178", - "object_id_int": 178, - "title": "Empty Password In Connection String (advanced.jsp)", - "description": "", - "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 211, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "179", - "object_id_int": 179, - "title": "CGI Stored XSS (score.jsp)", - "description": "", - "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 
353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 212, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "180", - "object_id_int": 180, - "title": "Plaintext Storage in a Cookie (basket.jsp)", - "description": "", - "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A 
N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 213, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "181", - "object_id_int": 181, - "title": "Information Exposure Through an Error Message (contact.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 214, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "182", - "object_id_int": 182, - "title": "Hardcoded password in Connection String (basket.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 215, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "183", - "object_id_int": 183, - "title": "Stored XSS 
(admin.jsp)", - "description": "", - "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 
None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 216, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "184", - "object_id_int": 184, - "title": "Download of Code Without Integrity Check (admin.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 217, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "185", - "object_id_int": 185, - "title": "Empty Password In Connection String (init.jsp)", - "description": "", - "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 218, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "186", - "object_id_int": 186, - "title": "Heap Inspection (login.jsp)", - "description": "", - "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 219, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "187", - "object_id_int": 187, - "title": "Download of Code Without Integrity Check (product.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 220, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "188", - "object_id_int": 188, - "title": "Session Fixation (AdvancedSearch.java)", - "description": "", - "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 221, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "189", - "object_id_int": 189, - "title": "Stored XSS (search.jsp)", - "description": "", - "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 222, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "190", - "object_id_int": 190, - "title": "Empty Password In Connection String (dbconnection.jspf)", - "description": "", - "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 223, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "191", - "object_id_int": 191, - "title": "Hardcoded password in Connection String (init.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 224, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "192", - "object_id_int": 192, - "title": "Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line 
Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 225, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "193", - "object_id_int": 193, - "title": "HttpOnlyCookies (basket.jsp)", - "description": "", - "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 226, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "194", - "object_id_int": 194, - "title": "Download of Code Without Integrity Check (register.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 227, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "195", - "object_id_int": 195, - "title": "Stored XSS (home.jsp)", - "description": "", - "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line 
Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 228, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "196", - "object_id_int": 196, - "title": "Empty Password In Connection String (home.jsp)", - "description": "", - "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 229, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "197", - "object_id_int": 197, - "title": "Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + 
basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 230, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "198", - "object_id_int": 198, - "title": "Improper Resource Access Authorization (product.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 231, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "199", - "object_id_int": 199, - "title": "Download of Code Without Integrity Check (password.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) 
- 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 232, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "200", - "object_id_int": 200, - "title": "Download of Code Without Integrity Check (score.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 233, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "201", - "object_id_int": 201, - "title": 
"Improper Resource Access Authorization (basket.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 234, - "fields": { - "engine_slug": "default", - 
"content_type": 54, - "object_id": "202", - "object_id_int": 202, - "title": "Race Condition Format Flaw (basket.jsp)", - "description": "", - "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 235, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "203", - "object_id_int": 203, - "title": "Empty Password In Connection String (header.jsp)", - "description": "", - "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 236, - "fields": { - 
"engine_slug": "default", - "content_type": 54, - "object_id": "204", - "object_id_int": 204, - "title": "Improper Resource Access Authorization (FunctionalZAP.java)", - "description": "", - "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 237, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "205", - "object_id_int": 205, - "title": "Suspected XSS (contact.jsp)", - "description": "", - "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 238, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "206", - "object_id_int": 206, - "title": "Use of Cryptographically Weak PRNG (init.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - 
"model": "watson.searchentry", - "pk": 239, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "207", - "object_id_int": 207, - "title": "CGI Stored XSS (product.jsp)", - "description": "", - "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** 
rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 240, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "208", - "object_id_int": 208, - "title": "Improper Resource Shutdown or Release (init.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source 
Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** 
c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 241, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "209", - "object_id_int": 209, - "title": "Download of Code Without Integrity Check (header.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None 
None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 242, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "210", - "object_id_int": 210, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 
53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 243, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "211", - "object_id_int": 211, - "title": "Blind SQL Injections (login.jsp)", - "description": "", - "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 
15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 244, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "212", - "object_id_int": 212, - "title": "Client DOM Open Redirect (advanced.jsp)", - "description": "", - "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 245, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "213", - "object_id_int": 213, - "title": "Hardcoded password in Connection String (search.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic 
storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 246, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "214", - "object_id_int": 214, - "title": "CGI Stored XSS (basket.jsp)", - "description": "", - "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 
257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 247, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "215", - "object_id_int": 215, - "title": "Use of Insufficiently Random Values (init.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 248, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "216", - "object_id_int": 216, - "title": "Missing X Frame Options (web.xml)", - "description": "", - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 
5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 249, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "217", - "object_id_int": 217, - "title": "Reflected XSS All Clients (search.jsp)", - "description": "", - "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 250, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "218", - "object_id_int": 218, - "title": "Sensitive Cookie in HTTPS Session 
Without Secure Attribute (basket.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 251, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "219", - "object_id_int": 219, - "title": "Information Exposure Through an Error Message (score.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 252, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "220", - "object_id_int": 220, - "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "description": "", - "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 253, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "221", - "object_id_int": 221, - "title": "Reliance on Cookies in a Decision (register.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 
84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 254, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "222", - "object_id_int": 222, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source 
Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 255, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "223", - "object_id_int": 223, - "title": "CGI Stored XSS (admin.jsp)", - "description": "", - "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source 
Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 256, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "224", - "object_id_int": 224, - "title": "Heap Inspection (register.jsp)", - "description": "", - "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 
257, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "225", - "object_id_int": 225, - "title": "Improper Resource Shutdown or Release (search.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 258, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "226", - "object_id_int": 226, - "title": "Information Exposure Through an 
Error Message (register.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 259, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "227", - "object_id_int": 227, - "title": "Improper Resource Access Authorization (init.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 260, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "228", - "object_id_int": 228, - "title": "CGI Stored XSS (header.jsp)", - "description": "", - "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND 
password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 261, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "229", - "object_id_int": 229, - "title": "Blind SQL Injections (basket.jsp)", - "description": "", - "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 262, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "230", - "object_id_int": 230, - "title": "HttpOnlyCookies In Config (web.xml)", - "description": "", - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 263, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "231", - "object_id_int": 231, - "title": "Use of Hard coded Cryptographic Key (AES.java)", - "description": "", - "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 264, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "232", - "object_id_int": 232, - "title": "Improper Resource Shutdown or Release (score.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 265, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "233", - "object_id_int": 233, - "title": "CGI Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 266, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "234", - "object_id_int": 234, - "title": "Stored XSS (score.jsp)", - "description": "", - "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 
353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 267, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "235", - "object_id_int": 235, - "title": "Information Exposure Through an Error Message (basket.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 268, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "236", - "object_id_int": 236, - "title": "Improper Resource Access Authorization (search.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 269, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "237", - "object_id_int": 237, - "title": "Improper Resource Access Authorization (home.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 270, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "238", - "object_id_int": 238, - "title": "Improper Resource Shutdown or Release (admin.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM 
BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 271, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "239", - "object_id_int": 239, - "title": "Information Exposure Through an Error Message (search.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: 
\" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 272, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "240", - "object_id_int": 240, - "title": "Blind SQL Injections (register.jsp)", - "description": "", - "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 
30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 273, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "241", - "object_id_int": 241, - "title": "Reliance on Cookies in a Decision (login.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source 
Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 274, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "242", - "object_id_int": 242, - "title": "Download of Code Without Integrity Check (search.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 275, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "243", - "object_id_int": 243, - "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "description": "", - "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 276, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "244", 
- "object_id_int": 244, - "title": "Empty Password In Connection String (search.jsp)", - "description": "", - "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 277, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "245", - "object_id_int": 245, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", 
userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 278, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "246", - "object_id_int": 246, - "title": "Improper 
Resource Access Authorization (score.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java 
Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 279, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "247", - "object_id_int": 247, - "title": "Session Fixation (logout.jsp)", - "description": "", - "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 280, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "248", - "object_id_int": 248, - "title": "Hardcoded password in Connection String (login.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 281, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "249", - "object_id_int": 249, - "title": "Hardcoded password in Connection String (advanced.jsp)", - "description": "", - "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 
/root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 282, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "250", - "object_id_int": 250, - "title": "Improper Resource Access Authorization (login.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 
15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 283, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "251", - "object_id_int": 251, - "title": "Improper Resource Access Authorization (header.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 284, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "252", - "object_id_int": 252, - "title": "Empty Password In Connection String (score.jsp)", - "description": "", - "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 285, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "253", - "object_id_int": 253, - "title": "Improper Resource Shutdown or Release (password.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 286, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "254", - "object_id_int": 254, - "title": "Improper Resource Shutdown or Release (product.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** 
<%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 287, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "255", - "object_id_int": 255, - "title": "Empty Password In Connection String (login.jsp)", - "description": "", - "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 288, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "256", - "object_id_int": 256, - "title": "Information Exposure Through an Error Message (login.jsp)", - "description": "", - "content": 
"Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 289, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "257", - "object_id_int": 257, - "title": "Use of Insufficiently Random Values (contact.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": 
"watson.searchentry", - "pk": 290, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "258", - "object_id_int": 258, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 
291, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "259", - "object_id_int": 259, - "title": "HttpOnlyCookies (login.jsp)", - "description": "", - "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 292, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "260", - "object_id_int": 260, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 293, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "261", - "object_id_int": 261, - "title": "Information Exposure Through an Error Message (header.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 294, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "262", - "object_id_int": 
262, - "title": "Race Condition Format Flaw (product.jsp)", - "description": "", - "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 295, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "263", - "object_id_int": 263, - "title": "Stored XSS (product.jsp)", - "description": "", - "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = 
rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 296, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "264", - "object_id_int": 264, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + 
\"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 297, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "265", - "object_id_int": 265, - "title": "Heap Inspection (init.jsp)", - "description": "", - "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 298, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "266", - "object_id_int": 266, - "title": "CGI Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String 
comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 299, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "267", - "object_id_int": 267, - "title": "Empty Password In Connection String (contact.jsp)", - "description": "", - "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 300, - "fields": { - "engine_slug": "default", - "content_type": 54, - 
"object_id": "268", - "object_id_int": 268, - "title": "Information Exposure Through an Error Message (product.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 301, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "269", - "object_id_int": 269, - "title": "XSRF (password.jsp)", - "description": "", - "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 302, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "270", - "object_id_int": 270, - "title": "Download of Code Without Integrity Check (advanced.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - 
"pk": 303, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "271", - "object_id_int": 271, - "title": "Improper Resource Access Authorization (register.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - 
"pk": 304, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "272", - "object_id_int": 272, - "title": "Download of Code Without Integrity Check (basket.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 305, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "273", - "object_id_int": 273, - "title": "Improper Resource Access Authorization (admin.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 306, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "274", - "object_id_int": 274, - "title": "Use of 
Cryptographically Weak PRNG (contact.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 307, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "275", - "object_id_int": 275, - "title": "Improper Resource Shutdown or Release (contact.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 308, - 
"fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "276", - "object_id_int": 276, - "title": "Reflected XSS All Clients (login.jsp)", - "description": "", - "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 309, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "277", - "object_id_int": 277, - "title": "Use of Insufficiently Random Values (home.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (home.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** 
Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 310, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "278", - "object_id_int": 278, - "title": "SQL Injection (basket.jsp)", - "description": "", - "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" 
AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 311, - "fields": { - "engine_slug": "default", - "content_type": 81, - "object_id": "1", - "object_id_int": 1, - "title": "Tomcat | BodgeIt", - "description": "", - "content": "Tomcat 8.5.1 None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 312, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "262", - "object_id_int": 262, - "title": "Race Condition Format Flaw (product.jsp)", - "description": "", - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 
/root/product.jsp None None None None None None None 262 N/A None BodgeIt ", - "url": "/finding/262", - "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 313, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "263", - "object_id_int": 263, - "title": "Stored XSS (product.jsp)", - "description": "", - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** 
Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 
- Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 
391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", - "url": "/finding/263", - "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 314, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "6", - "object_id_int": 6, - "title": "Engagement: Quarterly PCI Scan (Jan 19, 2022)", - "description": "", - "content": "Quarterly PCI Scan Reccuring Quarterly Scan None None None Not Started other none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 315, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "18", - "object_id_int": 18, - "title": "Qualys Scan (Jan 19, 2022)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 316, - "fields": { - "engine_slug": "default", - "content_type": 28, - "object_id": "2", - "object_id_int": 2, - "title": "Internal CRM App", - "description": "", - "content": "Internal CRM App * New product in development that attempts to follow all best practices Bob Builder Tester Jester None medium web construction internal", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 317, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "7", - "object_id_int": 7, - "title": "Engagement: Ad Hoc Engagement (Nov 03, 2021)", - 
"description": "", - "content": "Ad Hoc Engagement None None None None None threat_model none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 318, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "19", - "object_id_int": 19, - "title": "Pen Test (Nov 03, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 319, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "279", - "object_id_int": 279, - "title": "test", - "description": "", - "content": "test No url given Info asdf adf asdf No references given S4 None None None None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 320, - "fields": { - "engine_slug": "default", - "content_type": 28, - "object_id": "3", - "object_id_int": 3, - "title": "Apple Accounting Software", - "description": "", - "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers 0 0 0 high web production purchased", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 321, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "8", - "object_id_int": 8, - "title": "Engagement: Initial Assessment (Dec 20, 2021)", - "description": "", - "content": "Initial Assessment This application needs to be assesed to determine the security posture. 
10.2.1 None None Not Started other none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 322, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "20", - "object_id_int": 20, - "title": "API Test (Dec 20, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 323, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "21", - "object_id_int": 21, - "title": "Nmap Scan (Dec 20, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 324, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "22", - "object_id_int": 22, - "title": "Dependency Check Scan (Dec 20, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 325, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "23", - "object_id_int": 23, - "title": "ZAP Scan (Dec 20, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 326, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "276", - "object_id_int": 276, - "title": "Reflected XSS All Clients (login.jsp)", - "description": "", - "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source 
Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", - "url": "/finding/276", - "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 327, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "277", - "object_id_int": 277, - "title": "Use of Insufficiently Random Values (home.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE 
Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", - "url": "/finding/277", - "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 328, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "10", - "object_id_int": 10, - "title": "Engagement: Multiple scanners (Nov 04, 2021)", - "description": "", - "content": "Multiple scanners Example engagement with multiple scan types. 1.2.1 None None Completed threat_model none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 329, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "25", - "object_id_int": 25, - "title": "Dependency Check Scan (Nov 04, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 330, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "280", - "object_id_int": 280, - "title": "notepad++.exe | CVE-2007-2666", - "description": "", - "content": "notepad++.exe | CVE-2007-2666 None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. 
None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None None None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 331, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "281", - "object_id_int": 281, - "title": "notepad++.exe | CVE-2008-3436", - "description": "", - "content": "notepad++.exe | CVE-2008-3436 None High CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. 
None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None None None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 332, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "26", - "object_id_int": 26, - "title": "VCG Scan (Nov 04, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 333, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "282", - "object_id_int": 282, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. 
Kludgey, I know.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 334, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "283", - "object_id_int": 283, - "title": ".NET Debugging Enabled", - "description": "", - "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 335, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "284", - "object_id_int": 284, - "title": "URL Request Gets Path from Variable", - "description": "", - "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 336, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "285", - "object_id_int": 285, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 337, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "286", - "object_id_int": 286, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": 
"watson.searchentry", - "pk": 338, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "287", - "object_id_int": 287, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 339, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "288", - "object_id_int": 288, - "title": ".NET Debugging Enabled", - "description": "", - "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. 
This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 340, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "289", - "object_id_int": 289, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 341, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "290", - "object_id_int": 290, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 342, - "fields": { - 
"engine_slug": "default", - "content_type": 54, - "object_id": "291", - "object_id_int": 291, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 343, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "292", - "object_id_int": 292, - "title": "URL Request Gets Path from Variable", - "description": "", - "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 344, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "293", - "object_id_int": 293, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 345, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "294", - "object_id_int": 294, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 346, - 
"fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "295", - "object_id_int": 295, - "title": "URL Request Gets Path from Variable", - "description": "", - "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 347, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "296", - "object_id_int": 296, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. 
Use LINQ with aggregation to get SUM.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 348, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "297", - "object_id_int": 297, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 349, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "298", - "object_id_int": 298, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. 
Should be moved to OrderDetail constructor?\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 350, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "299", - "object_id_int": 299, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 351, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "301", - "object_id_int": 301, - "title": "Frameable response (potential Clickjacking)", - "description": "", - "content": "Frameable response (potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: 
http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None 301 None None BodgeIt ", - "url": "/finding/301", - "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 352, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "28", - "object_id_int": 28, - "title": "Burp Scan (Nov 04, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 353, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "300", - "object_id_int": 300, - "title": "Password field with autocomplete enabled", - "description": "", - "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute 
**autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 354, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "4", - "object_id_int": 4, - "title": "http://localhost:8888/bodgeit/login.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/login.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 355, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "5", - "object_id_int": 5, - "title": "127.0.0.1", - "description": "", - "content": "None 127.0.0.1 None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 356, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "6", - "object_id_int": 6, - "title": "http://localhost:8888/bodgeit/register.jsp", - "description": "", - 
"content": "http localhost:8888 None /bodgeit/register.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 357, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "7", - "object_id_int": 7, - "title": "http://localhost:8888/bodgeit/password.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/password.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 358, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "301", - "object_id_int": 301, - "title": "Frameable response (potential Clickjacking)", - "description": "", - "content": "Frameable response (potential Clickjacking) None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 359, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "8", - "object_id_int": 8, - "title": "http://localhost:8888/bodgeit/", - "description": "", - "content": "http localhost:8888 None /bodgeit/ None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 360, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "9", - "object_id_int": 9, - "title": "http://localhost:8888/bodgeit/basket.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/basket.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 361, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "10", - "object_id_int": 10, - "title": "http://localhost:8888/bodgeit/advanced.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/advanced.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 362, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "11", - "object_id_int": 11, - "title": "http://localhost:8888/bodgeit/admin.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/admin.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 363, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "12", - "object_id_int": 12, - "title": "http://localhost:8888/bodgeit/about.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/about.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": 
"watson.searchentry", - "pk": 364, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "13", - "object_id_int": 13, - "title": "http://localhost:8888/bodgeit/contact.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/contact.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 365, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "14", - "object_id_int": 14, - "title": "http://localhost:8888/bodgeit/home.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/home.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 366, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "15", - "object_id_int": 15, - "title": "http://localhost:8888/bodgeit/product.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/product.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 367, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "16", - "object_id_int": 16, - "title": "http://localhost:8888/bodgeit/score.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/score.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 368, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "17", - "object_id_int": 17, - "title": "http://localhost:8888/bodgeit/search.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/search.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 369, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "18", - "object_id_int": 18, - "title": "http://localhost:8888/", - "description": "", - "content": "http localhost:8888 None / None None", - 
"url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 370, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "19", - "object_id_int": 19, - "title": "http://localhost:8888/bodgeit/logout.jsp", - "description": "", - "content": "http localhost:8888 None /bodgeit/logout.jsp None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 371, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "302", - "object_id_int": 302, - "title": "Cross-site scripting (reflected)", - "description": "", - "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. 
For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. 
And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. 
\n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 372, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "303", - "object_id_int": 303, - "title": "Unencrypted communications", - "description": "", - "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. 
An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 373, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "304", - "object_id_int": 304, - "title": "Password returned in later response", - "description": "", - "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. 
This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 374, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "305", - "object_id_int": 305, - "title": "Email addresses disclosed", - "description": "", - "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address 
was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 375, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "306", - "object_id_int": 306, - "title": "Cross-site request forgery", - "description": "", - "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 376, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "307", - "object_id_int": 307, - "title": "SQL injection", - "description": "", - "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. 
Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 377, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "308", - "object_id_int": 308, - "title": "Path-relative style sheet import", - "description": "", - "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. 
This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. 
The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 378, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "309", - "object_id_int": 309, - "title": "Cleartext submission of password", - "description": "", - "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the 
following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 379, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "11", - "object_id_int": 11, - "title": "Engagement: Manual PenTest (Dec 30, 2021)", - "description": "", - "content": "Manual PenTest Please do a manual pentest before our next release to prod. 1.9.1 None None Blocked other none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 380, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "29", - "object_id_int": 29, - "title": "Manual Code Review (Nov 04, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 381, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "30", - "object_id_int": 30, - "title": "Pen Test (Nov 04, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 382, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "12", - "object_id_int": 12, - "title": "Engagement: CI/CD Baseline Security Test (Nov 04, 2021)", - "description": "", - "content": "CI/CD Baseline Security Test 1.1.2 None https://github.com/psiinon/bodgeit None Completed other none none CI/CD 89 b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6 master https://github.com/psiinon/bodgeit", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 383, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "31", - "object_id_int": 31, - "title": "Gosec 
Scanner (Nov 04, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 384, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "310", - "object_id_int": 310, - "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "description": "", - "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 385, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "311", - "object_id_int": 311, - "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "description": "", - "content": "this method will not auto-escape HTML. 
Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 386, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "312", - "object_id_int": 312, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 387, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "313", - "object_id_int": 313, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 388, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "314", - "object_id_int": 314, - "title": "SQL string formatting-G201", - "description": "", - "content": "SQL string formatting-G201 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: 
HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None None None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 389, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "315", - "object_id_int": 315, - "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "description": "", - "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 390, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "316", - "object_id_int": 316, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 391, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "317", - "object_id_int": 317, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: 
/vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 392, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "318", - "object_id_int": 318, - "title": "Use of weak cryptographic primitive-G401", - "description": "", - "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f /vagrant/go/src/govwa/vulnerability/idor/idor.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 393, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "319", - "object_id_int": 319, - "title": "Use of weak cryptographic primitive-G401", - "description": "", - "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 394, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "320", - "object_id_int": 320, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None None None None 
a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 395, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "321", - "object_id_int": 321, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 396, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "322", - "object_id_int": 322, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 397, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "323", - "object_id_int": 323, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None None None None 2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - 
"model": "watson.searchentry", - "pk": 398, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "324", - "object_id_int": 324, - "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "description": "", - "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 399, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "325", - "object_id_int": 325, - "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "description": "", - "content": "this method will not auto-escape HTML. 
Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 400, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "326", - "object_id_int": 326, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 401, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "327", - "object_id_int": 327, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 402, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "328", - "object_id_int": 328, - "title": "Use of weak cryptographic primitive-G401", - "description": "", - "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: 
HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 403, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "329", - "object_id_int": 329, - "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "description": "", - "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 404, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "330", - "object_id_int": 330, - "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "description": "", - "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 405, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "331", - "object_id_int": 331, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming 
soon None None S3 None None None None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 406, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "332", - "object_id_int": 332, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 407, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "333", - "object_id_int": 333, - "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "description": "", - "content": "this method will not auto-escape HTML. 
Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 408, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "334", - "object_id_int": 334, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 409, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "335", - "object_id_int": 335, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 410, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "336", - "object_id_int": 336, - "title": "Errors unhandled.-G104", - "description": "", - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 
None None None None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 411, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "337", - "object_id_int": 337, - "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "description": "", - "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None None None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 412, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "1", - "object_id_int": 1, - "title": "http://127.0.0.1/endpoint/420/edit/", - "description": "", - "content": "http 127.0.0.1 example.com /endpoint/420/edit/ None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 413, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "2", - "object_id_int": 2, - "title": "ftp://localhost/", - "description": "", - "content": "ftp localhost www.example.com / None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 414, - "fields": { - "engine_slug": "default", - "content_type": 43, - "object_id": "3", - "object_id_int": 3, - "title": "ssh:127.0.0.1", - "description": "", - "content": "ssh 127.0.0.1 www.example.com None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 415, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "1", - "object_id_int": 1, - "title": "Engagement: 
1st Quarter Engagement (Jun 30, 2021)", - "description": "", - "content": "1st Quarter Engagement test Engagement None None None None In Progress threat_model none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 416, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "3", - "object_id_int": 3, - "title": "Engagement: weekly engagement (Jun 21, 2021)", - "description": "", - "content": "weekly engagement test Engagement None None None None Completed threat_model none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 417, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "3", - "object_id_int": 3, - "title": "API Test (Feb 18, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 418, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "13", - "object_id_int": 13, - "title": "API Test (Mar 21, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 419, - "fields": { - "engine_slug": "default", - "content_type": 38, - "object_id": "13", - "object_id_int": 13, - "title": "Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", - "description": "", - "content": "AdHoc Import - Fri, 17 Aug 2018 18:20:55 None None None None None In Progress threat_model none none Interactive None None None None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 420, - "fields": { - "engine_slug": "default", - "content_type": 50, - "object_id": "32", - "object_id_int": 32, - "title": "Burp Scan (Nov 04, 2021)", - "description": "", - "content": "", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 421, - 
"fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "338", - "object_id_int": 338, - "title": "Password field with autocomplete enabled", - "description": "", - "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. 
Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 422, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "339", - "object_id_int": 339, - "title": "Frameable response (potential Clickjacking)", - "description": "", - "content": "Frameable response (potential Clickjacking) None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. 
This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 423, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "340", - "object_id_int": 340, - "title": "Cross-site scripting (reflected)", - "description": "", - "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. 
\n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. 
An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. 
In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 424, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "341", - "object_id_int": 341, - "title": "Unencrypted communications", - "description": "", - "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. 
Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 425, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "342", - "object_id_int": 342, - "title": "Password returned in later response", - "description": "", - "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. 
Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 426, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "343", - "object_id_int": 343, - "title": "Email addresses disclosed", - "description": "", - "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * 
user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 427, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "344", - "object_id_int": 344, - "title": "Cross-site request forgery", - "description": "", - "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 428, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "345", - "object_id_int": 345, - "title": "SQL injection", - "description": "", - "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. 
Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 429, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "346", - "object_id_int": 346, - "title": "Path-relative style sheet import", - "description": "", - "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. 
This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. 
The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 430, - "fields": { - "engine_slug": "default", - "content_type": 54, - "object_id": "347", - "object_id_int": 347, - "title": "Cleartext submission of password", - "description": "", - "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the 
following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", - "url": "", - "meta_encoded": "{}" - } -}, -{ - "model": "watson.searchentry", - "pk": 431, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "5", - "object_id_int": 5, - "title": "High Impact Test Finding", - "description": "", - "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 5 None None Internal CRM App 222", - "url": "/finding/5", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"222\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 432, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "4", - "object_id_int": 4, - "title": "High Impact Test Finding", - "description": "", - "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 4 None None Internal CRM App ", - "url": "/finding/4", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 433, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "6", - "object_id_int": 6, - "title": "High Impact Test Finding", - "description": "", - 
"content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 6 None None Internal CRM App 333", - "url": "/finding/6", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"333\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 434, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "7", - "object_id_int": 7, - "title": "Dummy Finding", - "description": "", - "content": "Dummy Finding None None http://www.example.com High TEST finding MITIGATION HIGH None None S1 None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 None None None None None None None None None None 7 http://www.example.com None Internal CRM App ", - "url": "/finding/7", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 435, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "309", - "object_id_int": 309, - "title": "Cleartext Submission of Password", - "description": "", - "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * 
http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 309 None None BodgeIt ", - "url": "/finding/309", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 436, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "347", - "object_id_int": 347, - "title": "Cleartext Submission of Password", - "description": "", - "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. 
Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 347 None None BodgeIt ", - "url": "/finding/347", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 437, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "302", - "object_id_int": 302, - "title": "Cross-Site Scripting (Reflected)", - "description": "", - "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. 
\n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. 
An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. 
In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", - "url": "/finding/302", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 438, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "340", - "object_id_int": 340, - "title": "Cross-Site Scripting (Reflected)", - "description": "", - "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. 
\n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. 
An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. 
In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", - "url": "/finding/340", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 439, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "345", - "object_id_int": 345, - "title": "SQL Injection", - "description": "", - "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. 
A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 345 None None BodgeIt ", - "url": "/finding/345", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 440, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "307", - "object_id_int": 307, - "title": "SQL Injection", - "description": "", - "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. 
You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. 
Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. 
Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 307 None None BodgeIt ", - "url": "/finding/307", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 441, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "280", - "object_id_int": 280, - "title": "Notepad++.exe | CVE-2007-2666", - "description": "", - "content": "Notepad++.exe | CVE-2007-2666 None None None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code 
via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe None None None None None None None None None None 280 None None BodgeIt ", - "url": "/finding/280", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 442, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "281", - "object_id_int": 281, - "title": "Notepad++.exe | CVE-2008-3436", - "description": "", - "content": "Notepad++.exe | CVE-2008-3436 None None None High CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP 
generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe None None None None None None None None None None 281 None None BodgeIt ", - "url": "/finding/281", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 443, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "145", - "object_id_int": 145, - "title": "Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** 
basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", - "url": "/finding/145", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 444, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "13", - "object_id_int": 13, - "title": "Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 
141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", - "url": "/finding/13", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 445, - "fields": { - "engine_slug": "default", - "content_type": 29, - "object_id": "2", - "object_id_int": 2, - "title": "Internal CRM App", - "description": "", - "content": "Internal CRM App * New product in development that attempts to follow all best practices medium web construction internal 2 Commerce", - "url": "/product/2", - "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 446, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "60", - "object_id_int": 60, - "title": "Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) 
request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "/finding/60", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 447, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "192", - "object_id_int": 192, - "title": "Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** 
comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "/finding/192", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 448, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "276", - "object_id_int": 276, - "title": "Reflected XSS All Clients (login.jsp)", - "description": "", - "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None 
None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", - "url": "/finding/276", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 449, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "65", - "object_id_int": 65, - "title": "Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + 
\"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", - "url": "/finding/65", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 450, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "197", - "object_id_int": 197, - "title": "Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: 
\" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", - "url": "/finding/197", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 451, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "217", - "object_id_int": 217, - "title": "Reflected XSS All Clients (search.jsp)", - "description": "", - "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 
86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", - "url": "/finding/217", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 452, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "85", - "object_id_int": 85, - "title": "Reflected XSS All Clients (search.jsp)", - "description": "", - "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 
/root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", - "url": "/finding/85", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 453, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "278", - "object_id_int": 278, - "title": "SQL Injection (basket.jsp)", - "description": "", - "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = 
conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", - "url": "/finding/278", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 454, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "45", - "object_id_int": 45, - "title": "SQL Injection (login.jsp)", - "description": "", - "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** 
Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", - "url": "/finding/45", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": 
\"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 455, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "177", - "object_id_int": 177, - "title": "SQL Injection (login.jsp)", - "description": "", - "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** 
\"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", - "url": "/finding/177", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 456, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "18", - "object_id_int": 18, - "title": "SQL Injection (password.jsp)", - "description": "", - "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", - "url": "/finding/18", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 457, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "150", - "object_id_int": 150, - "title": "SQL Injection (password.jsp)", - "description": "", - "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** 
\"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", - "url": "/finding/150", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 458, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "8", - "object_id_int": 8, - "title": "SQL Injection (register.jsp)", - "description": "", - "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** 
Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", - "url": "/finding/8", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 459, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "140", - "object_id_int": 140, - "title": "SQL Injection (register.jsp)", - "description": "", - 
"content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", - "url": "/finding/140", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ 
- "model": "watson.searchentry", - "pk": 460, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "51", - "object_id_int": 51, - "title": "Stored XSS (admin.jsp)", - "description": "", - "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 
21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", - "url": "/finding/51", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 461, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "183", - "object_id_int": 183, - "title": "Stored XSS (admin.jsp)", - "description": "", - "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 
19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", - "url": "/finding/183", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 462, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "151", - "object_id_int": 151, - "title": "Stored XSS (basket.jsp)", - "description": "", - "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 
257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", - "url": "/finding/151", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 463, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "19", - "object_id_int": 19, - "title": "Stored XSS (basket.jsp)", - "description": "", - "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", - "url": "/finding/19", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 464, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "258", - "object_id_int": 258, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 
9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", - "url": "/finding/258", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 465, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "126", - "object_id_int": 126, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** 
getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", - "url": "/finding/126", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 466, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "90", - "object_id_int": 90, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 
66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", - "url": "/finding/90", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 467, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "222", - "object_id_int": 222, - "title": "Stored XSS (contact.jsp)", - "description": "", - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", - "url": "/finding/222", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 468, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "63", - "object_id_int": 63, - "title": "Stored XSS (home.jsp)", - "description": "", - "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 
384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", - "url": "/finding/63", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 469, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "195", - "object_id_int": 195, - "title": "Stored XSS (home.jsp)", - "description": "", - "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 195 N/A None BodgeIt ", - "url": "/finding/195", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 470, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "263", - "object_id_int": 263, - "title": "Stored XSS 
(product.jsp)", - "description": "", - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", - "url": "/finding/263", - 
"meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 471, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "131", - "object_id_int": 131, - "title": "Stored XSS (product.jsp)", - "description": "", - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** 
getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", - "url": "/finding/131", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 472, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "234", - "object_id_int": 234, - "title": "Stored XSS (score.jsp)", - "description": "", - "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** 
getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", - "url": "/finding/234", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 473, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "102", - "object_id_int": 102, - "title": "Stored XSS (score.jsp)", - "description": "", - "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** 
getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", - "url": "/finding/102", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 474, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "189", - "object_id_int": 189, - "title": "Stored XSS (search.jsp)", - "description": "", - "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** 
rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", - "url": "/finding/189", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 475, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "57", - "object_id_int": 57, - "title": "Stored XSS (search.jsp)", - "description": "", - "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", - "url": "/finding/57", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 476, - "fields": { - "engine_slug": "default", - 
"content_type": 58, - "object_id": "288", - "object_id_int": 288, - "title": ".NET Debugging Enabled", - "description": "", - "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 288 None None BodgeIt ", - "url": "/finding/288", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 477, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "283", - "object_id_int": 283, - "title": ".NET Debugging Enabled", - "description": "", - "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. 
This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 283 None None BodgeIt ", - "url": "/finding/283", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 478, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "315", - "object_id_int": 315, - "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "description": "", - "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 315 N/A None BodgeIt ", - "url": "/finding/315", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 479, - "fields": { - "engine_slug": "default", - "content_type": 29, - "object_id": "1", - "object_id_int": 1, - "title": "BodgeIt", - "description": "", - "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up high web production internal 1 Commerce", - "url": "/product/1", - "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 480, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "329", - "object_id_int": 329, - "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "description": "", - "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 329 N/A None BodgeIt ", - "url": "/finding/329", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 481, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "330", - "object_id_int": 330, - "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "description": "", - "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 
1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 330 N/A None BodgeIt ", - "url": "/finding/330", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 482, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "342", - "object_id_int": 342, - "title": "Password Returned in Later Response", - "description": "", - "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 342 None None BodgeIt ", - "url": "/finding/342", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 483, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "304", - "object_id_int": 304, - "title": "Password Returned in Later Response", - "description": "", - "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 304 None None BodgeIt ", - "url": "/finding/304", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 484, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "314", - "object_id_int": 314, - "title": "SQL String Formatting-G201", - "description": "", - "content": "SQL String Formatting-G201 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go None None None None None None None None None None 314 N/A None BodgeIt ", - "url": "/finding/314", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 485, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "328", - "object_id_int": 328, - "title": "Use of Weak Cryptographic Primitive-G401", - "description": "", - "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: 
/vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 328 N/A None BodgeIt ", - "url": "/finding/328", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 486, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "319", - "object_id_int": 319, - "title": "Use of Weak Cryptographic Primitive-G401", - "description": "", - "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 319 N/A None BodgeIt ", - "url": "/finding/319", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 487, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "318", - "object_id_int": 318, - "title": "Use of Weak Cryptographic Primitive-G401", - "description": "", - "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f 
/vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 318 N/A None BodgeIt ", - "url": "/finding/318", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 488, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "333", - "object_id_int": 333, - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "description": "", - "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 333 N/A None BodgeIt ", - "url": "/finding/333", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 489, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "337", - "object_id_int": 337, - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "description": "", - "content": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 337 N/A None BodgeIt ", - "url": "/finding/337", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 490, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "310", - "object_id_int": 310, - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "description": "", - "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 310 N/A None BodgeIt ", - "url": "/finding/310", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 491, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "325", - "object_id_int": 325, - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "description": "", - "content": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 325 N/A None BodgeIt ", - "url": "/finding/325", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 492, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "311", - "object_id_int": 311, - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "description": "", - "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 311 N/A None BodgeIt ", - "url": "/finding/311", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 493, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "324", - "object_id_int": 324, - "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "description": "", - "content": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 324 N/A None BodgeIt ", - "url": "/finding/324", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 494, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "101", - "object_id_int": 101, - "title": "CGI Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None 
d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", - "url": "/finding/101", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 495, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "233", - "object_id_int": 233, - "title": "CGI Reflected XSS All Clients (basket.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 233 N/A None BodgeIt ", - "url": "/finding/233", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 496, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "134", - "object_id_int": 134, - "title": "CGI Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "/finding/134", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 497, - "fields": { - "engine_slug": "default", - "content_type": 58, - 
"object_id": "266", - "object_id_int": 266, - "title": "CGI Reflected XSS All Clients (contact.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "/finding/266", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 498, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "170", - "object_id_int": 170, - "title": "CGI Reflected XSS All Clients (login.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", - "url": "/finding/170", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 499, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "38", - "object_id_int": 38, - "title": "CGI Reflected XSS All Clients (login.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", - "url": "/finding/38", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 500, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "15", - "object_id_int": 15, - "title": "CGI Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", - "url": "/finding/15", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 501, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "147", - "object_id_int": 147, - "title": "CGI Reflected XSS All Clients (register.jsp)", - "description": "", - "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", - "url": "/finding/147", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 502, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "223", - "object_id_int": 223, - "title": "CGI Stored XSS (admin.jsp)", - "description": "", - "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None 
None None 223 N/A None BodgeIt ", - "url": "/finding/223", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 503, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "91", - "object_id_int": 91, - "title": "CGI Stored XSS (admin.jsp)", - "description": "", - "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 
22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", - "url": "/finding/91", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 504, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "82", - "object_id_int": 82, - "title": "CGI Stored XSS (basket.jsp)", - "description": "", - "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 
364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", - "url": "/finding/82", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 505, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "214", - "object_id_int": 214, - "title": "CGI Stored XSS (basket.jsp)", - "description": "", - "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", - "url": "/finding/214", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 506, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "96", - "object_id_int": 96, - "title": "CGI Stored XSS (header.jsp)", - "description": "", - "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) 
session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", - "url": "/finding/96", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 507, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "228", - "object_id_int": 228, - "title": "CGI Stored XSS (header.jsp)", - "description": "", - "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + 
username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None BodgeIt ", - "url": "/finding/228", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 508, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "152", - "object_id_int": 152, - "title": "CGI Stored XSS (home.jsp)", - "description": "", - "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 
29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", - "url": "/finding/152", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 509, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "20", - "object_id_int": 20, - "title": "CGI Stored XSS (home.jsp)", - "description": "", - "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", - "url": "/finding/20", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 510, 
- "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "207", - "object_id_int": 207, - "title": "CGI Stored XSS (product.jsp)", - "description": "", - "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line 
Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", - "url": "/finding/207", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 511, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "75", - "object_id_int": 75, - "title": "CGI Stored XSS (product.jsp)", - "description": "", - "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 
375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", - "url": "/finding/75", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 512, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "179", - "object_id_int": 179, - "title": "CGI Stored XSS (score.jsp)", - "description": "", - "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 179 N/A None BodgeIt ", - "url": "/finding/179", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 513, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "47", - "object_id_int": 47, - "title": "CGI Stored XSS (score.jsp)", - "description": "", - "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", - "url": "/finding/47", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 514, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "165", - "object_id_int": 165, - "title": "Client Cross Frame Scripting Attack (advanced.jsp)", - "description": "", - "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", - "url": "/finding/165", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 515, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "33", - "object_id_int": 33, - "title": "Client Cross Frame Scripting Attack (advanced.jsp)", - "description": "", - "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", - "url": "/finding/33", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 516, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "52", - "object_id_int": 52, - "title": "Download of Code Without Integrity Check (admin.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", - "url": "/finding/52", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 517, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "184", - "object_id_int": 184, - "title": "Download of Code Without Integrity Check (admin.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", - "url": "/finding/184", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 518, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "138", - "object_id_int": 138, - "title": "Download of Code Without Integrity Check (advanced.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 
None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", - "url": "/finding/138", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 519, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "270", - "object_id_int": 270, - "title": "Download of Code Without Integrity Check (advanced.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", - "url": "/finding/270", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", 
\"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 520, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "272", - "object_id_int": 272, - "title": "Download of Code Without Integrity Check (basket.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", - "url": "/finding/272", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 521, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "77", - "object_id_int": 77, - "title": "Download of Code Without Integrity Check (header.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (header.jsp) 
None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", - "url": "/finding/77", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 522, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "209", - "object_id_int": 209, - "title": "Download of Code Without Integrity Check (header.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", - "url": "/finding/209", - 
"meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 523, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "175", - "object_id_int": 175, - "title": "Download of Code Without Integrity Check (home.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", - "url": "/finding/175", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 524, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "43", - "object_id_int": 43, - 
"title": "Download of Code Without Integrity Check (home.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", - "url": "/finding/43", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 525, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "141", - "object_id_int": 141, - "title": "Download of Code Without Integrity Check (login.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", - "url": "/finding/141", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 526, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "9", - "object_id_int": 9, - "title": "Download of Code Without Integrity Check (login.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", - "url": "/finding/9", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 527, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "199", - "object_id_int": 199, - "title": "Download of Code Without Integrity Check (password.jsp)", - "description": "", - 
"content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", - "url": "/finding/199", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 528, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "67", - "object_id_int": 67, - "title": "Download of Code Without Integrity Check (password.jsp)", - "description": "", - "content": "Download of 
Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", - "url": "/finding/67", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 529, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "187", - "object_id_int": 187, - "title": "Download of Code Without Integrity Check (product.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check 
(product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", - "url": "/finding/187", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 530, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "55", - "object_id_int": 55, - "title": "Download of Code Without Integrity Check (product.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", - "url": "/finding/55", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 531, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "62", - "object_id_int": 62, - "title": "Download of Code Without Integrity Check (register.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", - "url": "/finding/62", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 532, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "194", - "object_id_int": 194, - "title": "Download of Code Without Integrity Check (register.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", - "url": "/finding/194", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 533, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "200", - "object_id_int": 200, - "title": "Download of Code Without Integrity Check (score.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", - "url": "/finding/200", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 534, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "68", - "object_id_int": 68, - "title": "Download of Code Without Integrity Check (score.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) 
- 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", - "url": "/finding/68", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 535, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "110", - "object_id_int": 110, - "title": "Download of Code Without Integrity Check (search.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", - "url": "/finding/110", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 536, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "242", - "object_id_int": 242, - "title": "Download of Code Without Integrity Check (search.jsp)", - "description": "", - "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A 
N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", - "url": "/finding/242", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 537, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "117", - "object_id_int": 117, - "title": "Hardcoded Password in Connection String (advanced.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 
b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", - "url": "/finding/117", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 538, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "249", - "object_id_int": 249, - "title": "Hardcoded Password in Connection String (advanced.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 
b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", - "url": "/finding/249", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 539, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "50", - "object_id_int": 50, - "title": "Hardcoded Password in Connection String (basket.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None 
None None None None None None None 50 N/A None BodgeIt ", - "url": "/finding/50", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 540, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "182", - "object_id_int": 182, - "title": "Hardcoded Password in Connection String (basket.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", - "url": "/finding/182", - "meta_encoded": 
"{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 541, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "40", - "object_id_int": 40, - "title": "Hardcoded Password in Connection String (contact.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", - "url": "/finding/40", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": 
\"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 542, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "172", - "object_id_int": 172, - "title": "Hardcoded Password in Connection String (contact.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", - "url": "/finding/172", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": 
\"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 543, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "173", - "object_id_int": 173, - "title": "Hardcoded Password in Connection String (dbconnection.jspf)", - "description": "", - "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", - "url": "/finding/173", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 544, - "fields": { 
- "engine_slug": "default", - "content_type": 58, - "object_id": "41", - "object_id_int": 41, - "title": "Hardcoded Password in Connection String (dbconnection.jspf)", - "description": "", - "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", - "url": "/finding/41", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 545, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "24", - "object_id_int": 
24, - "title": "Hardcoded Password in Connection String (home.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", - "url": "/finding/24", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 546, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "156", - "object_id_int": 156, - "title": "Hardcoded Password in Connection String (home.jsp)", - "description": "", - "content": "Hardcoded 
Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", - "url": "/finding/156", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 547, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "59", - "object_id_int": 59, - "title": "Hardcoded Password in Connection String (init.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", - "url": "/finding/59", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 548, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "191", - "object_id_int": 191, - "title": "Hardcoded Password in Connection String (init.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", - "url": "/finding/191", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 549, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "248", - "object_id_int": 248, - "title": "Hardcoded Password in Connection String (login.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", - "url": "/finding/248", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 550, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "116", - "object_id_int": 116, - "title": "Hardcoded Password in Connection String (login.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", - "url": "/finding/116", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 551, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "34", - "object_id_int": 34, - "title": 
"Hardcoded Password in Connection String (password.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", - "url": "/finding/34", - "meta_encoded": "{\"status\": \"Inactive\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 552, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "166", - "object_id_int": 166, - "title": "Hardcoded Password in Connection String (password.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** 
getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", - "url": "/finding/166", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 553, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "148", - "object_id_int": 148, - "title": "Hardcoded Password in Connection String (product.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A 
None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", - "url": "/finding/148", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 554, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "16", - "object_id_int": 16, - "title": "Hardcoded Password in Connection String (product.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 
/root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", - "url": "/finding/16", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 555, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "81", - "object_id_int": 81, - "title": "Hardcoded Password in Connection String (search.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None BodgeIt ", - "url": "/finding/81", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 556, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "213", - "object_id_int": 213, - "title": "Hardcoded Password in Connection String (search.jsp)", - "description": "", - "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", - "url": "/finding/213", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 557, - "fields": { - 
"engine_slug": "default", - "content_type": 58, - "object_id": "265", - "object_id_int": 265, - "title": "Heap Inspection (init.jsp)", - "description": "", - "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", - "url": "/finding/265", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 558, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "133", - "object_id_int": 133, - "title": "Heap Inspection (init.jsp)", - "description": "", - "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", - "url": "/finding/133", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 559, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "54", - "object_id_int": 54, - "title": "Heap Inspection (login.jsp)", - "description": "", - "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None 
None None None None None None None None None 54 N/A None BodgeIt ", - "url": "/finding/54", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 560, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "186", - "object_id_int": 186, - "title": "Heap Inspection (login.jsp)", - "description": "", - "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", - "url": "/finding/186", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 561, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "26", - "object_id_int": 26, - "title": "Heap Inspection (password.jsp)", - "description": "", - "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", - "url": "/finding/26", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 562, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "158", - "object_id_int": 158, - "title": "Heap Inspection (password.jsp)", - "description": "", - "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", - "url": "/finding/158", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", 
\"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 563, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "92", - "object_id_int": 92, - "title": "Heap Inspection (register.jsp)", - "description": "", - "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", - "url": "/finding/92", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 564, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "224", - "object_id_int": 224, - "title": "Heap Inspection (register.jsp)", - "description": "", - "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", - "url": "/finding/224", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 565, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "193", - "object_id_int": 193, - "title": "HttpOnlyCookies (basket.jsp)", - "description": "", - "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = 
request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", - "url": "/finding/193", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 566, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "61", - "object_id_int": 61, - "title": "HttpOnlyCookies (basket.jsp)", - "description": "", - "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", - "url": "/finding/61", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 567, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "259", - "object_id_int": 259, - "title": "HttpOnlyCookies (login.jsp)", - "description": "", - "content": "HttpOnlyCookies (login.jsp) None 
None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", - "url": "/finding/259", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 568, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "127", - "object_id_int": 127, - "title": "HttpOnlyCookies (login.jsp)", - "description": "", - "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", - "url": "/finding/127", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 569, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "14", - "object_id_int": 14, - "title": "HttpOnlyCookies (register.jsp)", - "description": "", - "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", - "url": "/finding/14", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 570, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "146", - "object_id_int": 146, - "title": "HttpOnlyCookies (register.jsp)", - "description": "", - "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** 
cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", - "url": "/finding/146", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 571, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "98", - "object_id_int": 98, - "title": "HttpOnlyCookies in Config (web.xml)", - "description": "", - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", - "url": "/finding/98", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 572, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "230", - "object_id_int": 230, - "title": "HttpOnlyCookies in Config (web.xml)", - 
"description": "", - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", - "url": "/finding/230", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 573, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "167", - "object_id_int": 167, - "title": "HttpOnlyCookies in Config (web.xml)", - "description": "", - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", - "url": "/finding/167", - 
"meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 574, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "35", - "object_id_int": 35, - "title": "HttpOnlyCookies in Config (web.xml)", - "description": "", - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", - "url": "/finding/35", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 575, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "56", - "object_id_int": 56, - "title": "Session Fixation (AdvancedSearch.java)", - "description": "", - "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", - "url": "/finding/56", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 576, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "188", - "object_id_int": 188, - "title": "Session Fixation (AdvancedSearch.java)", - "description": "", - "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium 
**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", - "url": "/finding/188", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 
577, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "247", - "object_id_int": 247, - "title": "Session Fixation (logout.jsp)", - "description": "", - "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", - "url": "/finding/247", - "meta_encoded": "{\"status\": \"Active, Verified\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 578, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "115", - "object_id_int": 115, - "title": "Session Fixation (logout.jsp)", - "description": "", - "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 
08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", - "url": "/finding/115", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 579, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "28", - "object_id_int": 28, - "title": "Trust Boundary Violation (login.jsp)", - "description": "", - "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** 
rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", - "url": "/finding/28", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 580, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "160", - "object_id_int": 160, - "title": "Trust Boundary Violation (login.jsp)", - "description": "", - "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** 
getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", - "url": "/finding/160", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 581, - 
"fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "274", - "object_id_int": 274, - "title": "Use of Cryptographically Weak PRNG (contact.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", - "url": "/finding/274", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 582, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "159", - "object_id_int": 159, - "title": "Use of Cryptographically Weak PRNG (home.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 
469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", - "url": "/finding/159", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 583, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "27", - "object_id_int": 27, - "title": "Use of Cryptographically Weak PRNG (home.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", - "url": "/finding/27", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 584, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "206", - "object_id_int": 206, - "title": "Use of Cryptographically Weak PRNG (init.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", - "url": "/finding/206", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 585, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "74", - "object_id_int": 74, - "title": "Use of Cryptographically Weak PRNG (init.jsp)", - "description": "", - "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", - "url": "/finding/74", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 586, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "99", - "object_id_int": 99, - "title": "Use of Hard Coded Cryptographic Key (AES.java)", - "description": "", - "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data 
Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data 
Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", - "url": "/finding/99", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 587, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "231", - "object_id_int": 231, - "title": "Use of Hard Coded Cryptographic Key (AES.java)", - "description": "", - "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - 
Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - 
Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = 
Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", - "url": "/finding/231", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 588, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "88", - "object_id_int": 88, - "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "description": "", - "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 
18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", - "url": "/finding/88", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 589, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "220", - "object_id_int": 220, - "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "description": "", - "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new 
AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", - "url": "/finding/220", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 590, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "257", - "object_id_int": 257, - "title": "Use of Insufficiently Random Values (contact.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", - "url": "/finding/257", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": 
"watson.searchentry", - "pk": 591, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "125", - "object_id_int": 125, - "title": "Use of Insufficiently Random Values (contact.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", - "url": "/finding/125", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 592, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "277", - "object_id_int": 277, - "title": "Use of Insufficiently Random Values (home.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() 
* count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", - "url": "/finding/277", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 593, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "83", - "object_id_int": 83, - "title": "Use of Insufficiently Random Values (init.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", - "url": "/finding/83", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 594, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "215", - "object_id_int": 215, - "title": "Use of Insufficiently Random Values (init.jsp)", - "description": "", - "content": "Use of Insufficiently Random Values (init.jsp) None None 
N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", - "url": "/finding/215", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 595, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "269", - "object_id_int": 269, - "title": "XSRF (password.jsp)", - "description": "", - "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", - "url": "/finding/269", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 596, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "137", - "object_id_int": 137, - "title": "XSRF (password.jsp)", - "description": "", - "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - 
Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", - "url": "/finding/137", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 597, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "323", - "object_id_int": 323, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None 2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go None None None None None None None None None None 323 N/A None BodgeIt ", - "url": "/finding/323", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 598, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "332", - "object_id_int": 332, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: 
/vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 332 N/A None BodgeIt ", - "url": "/finding/332", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 599, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "321", - "object_id_int": 321, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None None None None None 321 N/A None BodgeIt ", - "url": "/finding/321", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 600, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "326", - "object_id_int": 326, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None 
6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", - "url": "/finding/326", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 601, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "327", - "object_id_int": 327, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 327 N/A None BodgeIt ", - "url": "/finding/327", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 602, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "317", - "object_id_int": 317, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 317 N/A None BodgeIt ", - "url": "/finding/317", - "meta_encoded": "{\"status\": \"Active, 
Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 603, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "313", - "object_id_int": 313, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 313 N/A None BodgeIt ", - "url": "/finding/313", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 604, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "320", - "object_id_int": 320, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 320 N/A None BodgeIt ", - "url": "/finding/320", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 605, - "fields": { - "engine_slug": "default", - 
"content_type": 58, - "object_id": "312", - "object_id_int": 312, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 312 N/A None BodgeIt ", - "url": "/finding/312", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 606, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "316", - "object_id_int": 316, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 316 N/A None BodgeIt ", - "url": "/finding/316", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 607, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "331", - "object_id_int": 331, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 
42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming soon None None S3 None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go None None None None None None None None None None 331 N/A None BodgeIt ", - "url": "/finding/331", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 608, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "336", - "object_id_int": 336, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 336 N/A None BodgeIt ", - "url": "/finding/336", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 609, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "322", - "object_id_int": 322, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None 
None None None None 322 N/A None BodgeIt ", - "url": "/finding/322", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 610, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "335", - "object_id_int": 335, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 335 N/A None BodgeIt ", - "url": "/finding/335", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 611, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "334", - "object_id_int": 334, - "title": "Errors Unhandled.-G104", - "description": "", - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 334 N/A None BodgeIt ", - "url": "/finding/334", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": 
\"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 612, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "300", - "object_id_int": 300, - "title": "Password Field With Autocomplete Enabled", - "description": "", - "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. 
Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 300 None None BodgeIt ", - "url": "/finding/300", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 613, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "338", - "object_id_int": 338, - "title": "Password Field With Autocomplete Enabled", - "description": "", - "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. 
In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 338 None None BodgeIt ", - "url": "/finding/338", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 614, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "284", - "object_id_int": 284, - "title": "URL Request Gets Path From Variable", - "description": "", - "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 284 None None BodgeIt ", - "url": "/finding/284", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 615, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "295", - "object_id_int": 295, - "title": "URL Request Gets Path From Variable", - "description": "", - "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 295 None None BodgeIt ", - "url": "/finding/295", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 616, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "292", - "object_id_int": 292, - "title": "URL Request Gets Path From Variable", - "description": "", - "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 292 None None BodgeIt ", - "url": "/finding/292", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 617, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "303", - "object_id_int": 303, - "title": "Unencrypted Communications", - "description": "", - "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. 
This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 303 None None BodgeIt ", - "url": "/finding/303", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 618, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "341", - "object_id_int": 341, - "title": "Unencrypted Communications", - "description": "", - "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. 
The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 341 None None BodgeIt ", - "url": "/finding/341", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 619, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "229", - "object_id_int": 229, - "title": "Blind SQL Injections (basket.jsp)", - "description": "", - "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId 
= request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", - "url": "/finding/229", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 620, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "97", - "object_id_int": 97, - "title": "Blind SQL Injections (basket.jsp)", - "description": "", - "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", - "url": "/finding/97", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 621, - "fields": { - 
"engine_slug": "default", - "content_type": 58, - "object_id": "79", - "object_id_int": 79, - "title": "Blind SQL Injections (login.jsp)", - "description": "", - "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) 
request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", - "url": "/finding/79", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 622, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "211", - "object_id_int": 211, - "title": "Blind SQL Injections (login.jsp)", - "description": "", - "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - 
Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = 
stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", - "url": "/finding/211", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 623, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "157", - "object_id_int": 157, - "title": "Blind SQL Injections (password.jsp)", - "description": "", - "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) 
request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", - "url": "/finding/157", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 624, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "25", - "object_id_int": 25, - "title": "Blind SQL Injections (password.jsp)", - "description": "", - "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", - "url": "/finding/25", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 625, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "240", - "object_id_int": 240, - "title": "Blind SQL Injections (register.jsp)", - "description": "", - "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == 
null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", - "url": "/finding/240", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 626, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "108", - "object_id_int": 108, - "title": "Blind SQL Injections (register.jsp)", - "description": "", - "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source 
Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", - "url": "/finding/108", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 627, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "80", - "object_id_int": 80, - "title": "Client DOM Open Redirect (advanced.jsp)", - "description": "", - "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 
48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", - "url": "/finding/80", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 628, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "212", - "object_id_int": 212, - "title": "Client DOM Open Redirect (advanced.jsp)", - "description": "", - "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", - "url": "/finding/212", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 
629, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "149", - "object_id_int": 149, - "title": "Client Insecure Randomness (encryption.js)", - "description": "", - "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", - "url": "/finding/149", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 630, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "17", - "object_id_int": 17, - "title": "Client Insecure Randomness (encryption.js)", - "description": "", - "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 
9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", - "url": "/finding/17", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 631, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "22", - "object_id_int": 22, - "title": "Collapse of Data Into Unsafe Value (contact.jsp)", - "description": "", - "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "/finding/22", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 632, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "154", - "object_id_int": 154, - "title": "Collapse of Data Into Unsafe Value (contact.jsp)", - "description": "", - "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", - "url": "/finding/154", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 633, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "178", - "object_id_int": 178, - "title": "Empty Password in Connection String (advanced.jsp)", - "description": "", - "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 
1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", - "url": "/finding/178", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 634, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "46", - "object_id_int": 46, - "title": "Empty Password in Connection String (advanced.jsp)", - "description": "", - "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 
/root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", - "url": "/finding/46", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 635, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "267", - "object_id_int": 267, - "title": "Empty Password in Connection String (contact.jsp)", - "description": "", - "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", - "url": "/finding/267", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 636, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "135", - "object_id_int": 135, - "title": "Empty Password in Connection String (contact.jsp)", - "description": "", - "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", - "url": "/finding/135", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 637, - "fields": { - "engine_slug": "default", - 
"content_type": 58, - "object_id": "190", - "object_id_int": 190, - "title": "Empty Password in Connection String (dbconnection.jspf)", - "description": "", - "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", - "url": "/finding/190", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 638, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "58", - "object_id_int": 58, - "title": "Empty Password in Connection String (dbconnection.jspf)", - "description": "", - "content": "Empty Password in Connection String 
(dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", - "url": "/finding/58", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 639, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "71", - "object_id_int": 71, - "title": "Empty Password in Connection String (header.jsp)", - "description": "", - "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", - "url": "/finding/71", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 640, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "203", - "object_id_int": 203, - "title": "Empty Password in Connection String (header.jsp)", - "description": "", - "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", - "url": 
"/finding/203", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 641, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "64", - "object_id_int": 64, - "title": "Empty Password in Connection String (home.jsp)", - "description": "", - "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", - "url": "/finding/64", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - 
"model": "watson.searchentry", - "pk": 642, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "196", - "object_id_int": 196, - "title": "Empty Password in Connection String (home.jsp)", - "description": "", - "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", - "url": "/finding/196", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 643, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "53", - "object_id_int": 53, - "title": "Empty Password in Connection String (init.jsp)", - "description": 
"", - "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", - "url": "/finding/53", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 644, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "185", - "object_id_int": 185, - "title": "Empty Password in Connection String (init.jsp)", - "description": "", - "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", - "url": "/finding/185", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 645, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "123", - "object_id_int": 123, - "title": "Empty Password in Connection String (login.jsp)", - "description": "", - "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", - "url": "/finding/123", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 646, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "255", - "object_id_int": 255, - "title": "Empty Password in Connection String (login.jsp)", - "description": "", - "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", - "url": "/finding/255", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 647, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "31", - "object_id_int": 31, - "title": "Empty 
Password in Connection String (product.jsp)", - "description": "", - "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", - "url": "/finding/31", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 648, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "163", - "object_id_int": 163, - "title": "Empty Password in Connection String (product.jsp)", - "description": "", - "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and 
session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", - "url": "/finding/163", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 649, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "42", - "object_id_int": 42, - "title": "Empty Password in Connection String (register.jsp)", - "description": "", - "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", - "url": "/finding/42", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 650, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "174", - "object_id_int": 174, - "title": "Empty Password in Connection String (register.jsp)", - "description": "", - "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", - "url": "/finding/174", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 651, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "120", - "object_id_int": 120, - "title": "Empty Password in Connection String (score.jsp)", - "description": "", - "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 
6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", - "url": "/finding/120", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 652, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "252", - "object_id_int": 252, - "title": "Empty Password in Connection String (score.jsp)", - "description": "", - "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", - "url": "/finding/252", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": 
\"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 653, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "244", - "object_id_int": 244, - "title": "Empty Password in Connection String (search.jsp)", - "description": "", - "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", - "url": "/finding/244", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 654, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "112", - 
"object_id_int": 112, - "title": "Empty Password in Connection String (search.jsp)", - "description": "", - "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", - "url": "/finding/112", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 655, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "204", - "object_id_int": 204, - "title": "Improper Resource Access Authorization (FunctionalZAP.java)", - "description": "", - "content": "Improper Resource Access Authorization (FunctionalZAP.java) None 
None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", - "url": "/finding/204", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 656, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "72", - "object_id_int": 72, - "title": "Improper Resource Access Authorization (FunctionalZAP.java)", - "description": "", - "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A 
N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None BodgeIt ", - "url": "/finding/72", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 657, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "273", - "object_id_int": 273, - "title": "Improper Resource Access Authorization (admin.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", - "url": "/finding/273", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 658, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "201", - "object_id_int": 201, - "title": "Improper Resource Access Authorization (basket.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", - "url": "/finding/201", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 659, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "69", - "object_id_int": 69, - "title": "Improper Resource Access Authorization (basket.jsp)", - 
"description": "", - "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", - "url": "/finding/69", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": 
\"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 660, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "119", - "object_id_int": 119, - "title": "Improper Resource Access Authorization (header.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", - "url": "/finding/119", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 661, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "251", - "object_id_int": 251, - "title": "Improper Resource Access Authorization (header.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", - "url": "/finding/251", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 662, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "237", - "object_id_int": 237, - "title": "Improper Resource Access Authorization (home.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", - "url": "/finding/237", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 663, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "105", - "object_id_int": 105, - "title": "Improper Resource Access Authorization (home.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", - "url": "/finding/105", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 664, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "95", - "object_id_int": 95, - "title": "Improper Resource Access Authorization (init.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 
1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", - "url": "/finding/95", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 665, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "227", - "object_id_int": 227, - "title": "Improper Resource Access Authorization (init.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", - "url": "/finding/227", - 
"meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 666, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "250", - "object_id_int": 250, - "title": "Improper Resource Access Authorization (login.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", - "url": "/finding/250", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 667, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "118", - "object_id_int": 118, - "title": "Improper Resource Access Authorization (login.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", - "url": "/finding/118", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 668, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "32", - "object_id_int": 32, - "title": "Improper Resource Access Authorization (password.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE 
Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 32 N/A None BodgeIt ", - "url": "/finding/32", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 669, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "164", - "object_id_int": 164, - "title": "Improper Resource Access Authorization (password.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", - "url": "/finding/164", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 670, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "198", - "object_id_int": 198, - "title": "Improper Resource Access Authorization (product.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", - "url": "/finding/198", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": 
\"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 671, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "66", - "object_id_int": 66, - "title": "Improper Resource Access Authorization (product.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", - "url": "/finding/66", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 672, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "271", - "object_id_int": 271, - "title": "Improper Resource Access Authorization (register.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", - "url": "/finding/271", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 673, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "139", - "object_id_int": 139, - "title": "Improper Resource Access Authorization (register.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", - "url": "/finding/139", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 674, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "246", - "object_id_int": 246, - "title": "Improper Resource Access Authorization (score.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", - "url": "/finding/246", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 675, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "114", - "object_id_int": 114, - "title": "Improper Resource Access Authorization (score.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", - "url": "/finding/114", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 676, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "104", - "object_id_int": 104, - "title": "Improper Resource Access Authorization (search.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", - "url": "/finding/104", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 677, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "236", - "object_id_int": 236, - "title": "Improper Resource Access Authorization (search.jsp)", - "description": "", - "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", - "url": "/finding/236", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 678, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": 
"36", - "object_id_int": 36, - "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "description": "", - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", - "url": "/finding/36", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 679, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "168", - "object_id_int": 168, - "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "description": "", - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", - "url": "/finding/168", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 680, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "106", - "object_id_int": 106, - "title": "Improper Resource Shutdown or Release (admin.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 
669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", - "url": "/finding/106", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 681, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "238", - "object_id_int": 238, - "title": "Improper Resource Shutdown or Release (admin.jsp)", - "description": "", - "content": "Improper Resource Shutdown or 
Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", - "url": "/finding/238", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 682, - 
"fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "245", - "object_id_int": 245, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 
383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where 
basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", - "url": "/finding/245", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 683, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "132", - "object_id_int": 132, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + 
\"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", - "url": "/finding/132", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 684, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "210", - "object_id_int": 210, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - 
"description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = 
conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", - "url": "/finding/210", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 685, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "113", - "object_id_int": 113, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 
1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 
110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", - "url": "/finding/113", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 686, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "78", - "object_id_int": 78, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or 
Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where 
basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", - "url": "/finding/78", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 687, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "264", - "object_id_int": 264, - "title": "Improper Resource Shutdown or Release (basket.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", 
userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", - "url": "/finding/264", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 688, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "275", - "object_id_int": 275, - "title": "Improper Resource Shutdown or Release (contact.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", - "url": "/finding/275", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 689, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "144", - "object_id_int": 144, - "title": "Improper Resource Shutdown or Release (home.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (home.jsp) None None 
N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** 
stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", - "url": "/finding/144", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 690, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "12", - "object_id_int": 12, - "title": "Improper Resource Shutdown or Release (home.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * 
count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", - "url": "/finding/12", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 691, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "76", - "object_id_int": 76, - "title": "Improper Resource Shutdown or Release (init.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** 
<%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source 
Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line 
Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", - "url": "/finding/76", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 692, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "208", - "object_id_int": 208, - "title": "Improper Resource Shutdown or Release (init.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 
1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 
9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 
2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", - "url": "/finding/208", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 693, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "253", - "object_id_int": 253, - "title": "Improper Resource Shutdown or Release (password.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** 
\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 
362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", - "url": "/finding/253", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 694, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "121", - "object_id_int": 121, - "title": "Improper Resource Shutdown or Release (password.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 
369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", - "url": "/finding/121", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 695, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "122", - "object_id_int": 122, - "title": "Improper Resource Shutdown or Release (product.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", - "url": "/finding/122", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 696, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "254", - "object_id_int": 254, - "title": "Improper Resource Shutdown or Release (product.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** 
conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", - "url": "/finding/254", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 697, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "232", - "object_id_int": 232, - "title": "Improper Resource Shutdown or Release (score.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 232 N/A None BodgeIt ", - "url": "/finding/232", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 698, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "100", - "object_id_int": 100, - "title": "Improper Resource Shutdown or Release (score.jsp)", - 
"description": "", - "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None 
None None None 100 N/A None BodgeIt ", - "url": "/finding/100", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 699, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "93", - "object_id_int": 93, - "title": "Improper Resource Shutdown or Release (search.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 
763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", - "url": "/finding/93", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 700, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "225", - "object_id_int": 225, - "title": "Improper Resource Shutdown or Release (search.jsp)", - "description": "", - "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** 
stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", - "url": "/finding/225", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 701, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "143", - "object_id_int": 143, - "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "description": "", - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", - "url": "/finding/143", - "meta_encoded": "{\"status\": \"Active, Verified\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 702, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "11", - "object_id_int": 11, - "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "description": "", - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", - "url": "/finding/11", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 703, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "29", - "object_id_int": 29, - "title": "Information Exposure Through an Error 
Message (admin.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", - "url": "/finding/29", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 704, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "161", - "object_id_int": 161, - "title": "Information Exposure Through an Error Message (admin.jsp)", - 
"description": "", - "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", - "url": "/finding/161", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 705, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "235", - "object_id_int": 235, - "title": "Information Exposure Through an Error Message (basket.jsp)", - "description": "", - 
"content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", - "url": "/finding/235", - "meta_encoded": "{\"status\": \"Active, Verified\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 706, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "103", - "object_id_int": 103, - "title": "Information Exposure Through an Error Message (basket.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line 
Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", - "url": "/finding/103", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 707, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "49", - "object_id_int": 49, - "title": "Information Exposure Through an Error Message (contact.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** 
e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", - "url": "/finding/49", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 708, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "181", - "object_id_int": 181, - "title": "Information Exposure Through an Error Message (contact.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line 
Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", - "url": "/finding/181", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 709, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "129", - "object_id_int": 129, - "title": "Information Exposure Through an Error Message (header.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp 
None None None None None None None None None None 129 N/A None BodgeIt ", - "url": "/finding/129", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 710, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "261", - "object_id_int": 261, - "title": "Information Exposure Through an Error Message (header.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", - "url": "/finding/261", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 711, - "fields": { - "engine_slug": "default", 
- "content_type": 58, - "object_id": "176", - "object_id_int": 176, - "title": "Information Exposure Through an Error Message (home.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None 
None None None None None None None None None 176 N/A None BodgeIt ", - "url": "/finding/176", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 712, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "44", - "object_id_int": 44, - "title": "Information Exposure Through an Error Message (home.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line 
Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", - "url": "/finding/44", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 713, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "256", - "object_id_int": 256, - "title": "Information Exposure Through an Error Message (login.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None 
None None None None None None None 256 N/A None BodgeIt ", - "url": "/finding/256", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 714, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "124", - "object_id_int": 124, - "title": "Information Exposure Through an Error Message (login.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", - "url": "/finding/124", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 715, - "fields": { - "engine_slug": "default", - 
"content_type": 58, - "object_id": "136", - "object_id_int": 136, - "title": "Information Exposure Through an Error Message (product.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", - "url": "/finding/136", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 716, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "268", - "object_id_int": 268, - "title": "Information Exposure Through an Error Message (product.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 
85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", - "url": "/finding/268", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 717, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "94", - "object_id_int": 94, - "title": "Information Exposure Through an Error Message (register.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", - "url": "/finding/94", - "meta_encoded": "{\"status\": \"Inactive\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 718, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "226", - "object_id_int": 226, - "title": "Information Exposure Through an Error Message (register.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", - "url": "/finding/226", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 719, - "fields": { 
- "engine_slug": "default", - "content_type": 58, - "object_id": "219", - "object_id_int": 219, - "title": "Information Exposure Through an Error Message (score.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch 
(SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A None BodgeIt ", - "url": "/finding/219", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 720, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "87", - "object_id_int": 87, - "title": "Information Exposure Through an Error Message (score.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", - "url": "/finding/87", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 721, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "107", - "object_id_int": 107, - "title": "Information Exposure Through an Error Message (search.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", - "url": "/finding/107", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 722, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "239", - "object_id_int": 239, - "title": "Information Exposure Through an Error Message (search.jsp)", - "description": "", - "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 
2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", - "url": "/finding/239", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 723, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "84", - "object_id_int": 84, - "title": "Missing X Frame Options (web.xml)", - "description": "", - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", - "url": "/finding/84", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 724, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "142", - "object_id_int": 142, - "title": "Missing X Frame Options (web.xml)", - "description": "", - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", - "url": "/finding/142", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 725, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "216", - "object_id_int": 216, - "title": "Missing X Frame Options (web.xml)", - "description": "", - 
"content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", - "url": "/finding/216", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 726, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "10", - "object_id_int": 10, - "title": "Missing X Frame Options (web.xml)", - "description": "", - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", - "url": "/finding/10", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 727, - "fields": { - 
"engine_slug": "default", - "content_type": 58, - "object_id": "153", - "object_id_int": 153, - "title": "Not Using a Random IV With CBC Mode (AES.java)", - "description": "", - "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", - "url": "/finding/153", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 728, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "21", - "object_id_int": 21, - "title": "Not Using a Random IV With CBC Mode (AES.java)", - "description": "", - "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None 
e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 21 N/A None BodgeIt ", - "url": "/finding/21", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 729, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "180", - "object_id_int": 180, - "title": "Plaintext Storage in a Cookie (basket.jsp)", - "description": "", - "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", - "url": "/finding/180", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - 
} -}, -{ - "model": "watson.searchentry", - "pk": 730, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "48", - "object_id_int": 48, - "title": "Plaintext Storage in a Cookie (basket.jsp)", - "description": "", - "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", - "url": "/finding/48", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 731, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "70", - "object_id_int": 70, - "title": "Race Condition Format Flaw (basket.jsp)", - "description": "", - "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", - "url": "/finding/70", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 732, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "202", - "object_id_int": 202, - "title": "Race Condition Format Flaw (basket.jsp)", - "description": "", - "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", - "url": "/finding/202", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - 
"pk": 733, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "130", - "object_id_int": 130, - "title": "Race Condition Format Flaw (product.jsp)", - "description": "", - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", - "url": "/finding/130", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 734, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "262", - "object_id_int": 262, - "title": "Race Condition Format Flaw (product.jsp)", - "description": "", - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None 
None None None None None None 262 N/A None BodgeIt ", - "url": "/finding/262", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 735, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "30", - "object_id_int": 30, - "title": "Reliance on Cookies in a Decision (basket.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** 
basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", - "url": "/finding/30", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 736, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "162", - "object_id_int": 162, - "title": "Reliance on Cookies in a Decision (basket.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 
357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", - "url": "/finding/162", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 737, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "109", - "object_id_int": 109, - "title": "Reliance on Cookies in a Decision (login.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp 
None None None None None None None None None None 109 N/A None BodgeIt ", - "url": "/finding/109", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 738, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "241", - "object_id_int": 241, - "title": "Reliance on Cookies in a Decision (login.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source 
Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", - "url": "/finding/241", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 739, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "221", - "object_id_int": 221, - "title": "Reliance on Cookies in a Decision 
(register.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = 
cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", - "url": "/finding/221", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 740, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "89", - "object_id_int": 89, - "title": "Reliance on Cookies in a Decision (register.jsp)", - "description": "", - "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", - "url": "/finding/89", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", 
\"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 741, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "218", - "object_id_int": 218, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", - "url": "/finding/218", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 742, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "86", - "object_id_int": 86, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", - "url": "/finding/86", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 743, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "37", - "object_id_int": 37, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", - "url": "/finding/37", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", 
\"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 744, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "169", - "object_id_int": 169, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", - "url": "/finding/169", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 745, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "128", - "object_id_int": 128, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", - "url": "/finding/128", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 746, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "260", - "object_id_int": 260, - "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "description": "", - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", - "url": "/finding/260", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": 
\"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 747, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "23", - "object_id_int": 23, - "title": "Stored Boundary Violation (login.jsp)", - "description": "", - "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", - "url": "/finding/23", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": 
\"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 748, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "155", - "object_id_int": 155, - "title": "Stored Boundary Violation (login.jsp)", - "description": "", - "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", - "url": "/finding/155", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 749, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "205", - "object_id_int": 205, - "title": "Suspected XSS (contact.jsp)", - "description": "", - "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None 
None None None None None None None None None 205 N/A None BodgeIt ", - "url": "/finding/205", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 750, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "73", - "object_id_int": 73, - "title": "Suspected XSS (contact.jsp)", - "description": "", - "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 
356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", - "url": "/finding/73", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 751, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "171", - "object_id_int": 171, - "title": "Suspected XSS (password.jsp)", - "description": "", - "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** 
\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", - "url": "/finding/171", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 752, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "39", - "object_id_int": 39, - "title": "Suspected XSS (password.jsp)", - "description": "", - "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", - "url": "/finding/39", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 753, - "fields": { - 
"engine_slug": "default", - "content_type": 58, - "object_id": "243", - "object_id_int": 243, - "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "description": "", - "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", - "url": "/finding/243", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 754, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "111", - "object_id_int": 111, - "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "description": "", - "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None 
dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", - "url": "/finding/111", - "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 755, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "282", - "object_id_int": 282, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. 
Kludgey, I know.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 282 None None BodgeIt ", - "url": "/finding/282", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 756, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "299", - "object_id_int": 299, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. 
Try to set it to null or something.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 299 None None BodgeIt ", - "url": "/finding/299", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 757, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "298", - "object_id_int": 298, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. 
Should be moved to OrderDetail constructor?\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 298 None None BodgeIt ", - "url": "/finding/298", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 758, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "294", - "object_id_int": 294, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 294 None None BodgeIt ", - "url": "/finding/294", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 759, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "293", - "object_id_int": 293, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust 
it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 293 None None BodgeIt ", - "url": "/finding/293", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 760, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "291", - "object_id_int": 291, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. 
Like customer.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 291 None None BodgeIt ", - "url": "/finding/291", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 761, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "290", - "object_id_int": 290, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 290 None None BodgeIt ", - "url": "/finding/290", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 762, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "289", - "object_id_int": 289, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or 
does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 289 None None BodgeIt ", - "url": "/finding/289", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 763, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "287", - "object_id_int": 287, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 287 None None BodgeIt ", - "url": "/finding/287", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 764, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "286", - "object_id_int": 286, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious 
Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 286 None None BodgeIt ", - "url": "/finding/286", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 765, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "297", - "object_id_int": 297, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 297 None None BodgeIt ", - "url": "/finding/297", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 766, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "285", - "object_id_int": 285, - "title": "Comment Indicates Potentially Unfinished Code", - 
"description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 285 None None BodgeIt ", - "url": "/finding/285", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 767, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "296", - "object_id_int": 296, - "title": "Comment Indicates Potentially Unfinished Code", - "description": "", - "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. 
Use LINQ with aggregation to get SUM.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 296 None None BodgeIt ", - "url": "/finding/296", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 768, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "306", - "object_id_int": 306, - "title": "Cross-Site Request Forgery", - "description": "", - "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. 
However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 306 None None BodgeIt ", - "url": "/finding/306", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 769, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "344", - "object_id_int": 344, - "title": "Cross-Site Request Forgery", - "description": "", - "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. 
The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 344 None None BodgeIt ", - "url": "/finding/344", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 770, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "343", - "object_id_int": 343, - "title": "Email Addresses Disclosed", - "description": "", - "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * 
user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 343 None None BodgeIt ", - "url": "/finding/343", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 771, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "305", - "object_id_int": 305, - "title": "Email Addresses Disclosed", - "description": "", - "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: 
http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 305 None None BodgeIt ", - "url": "/finding/305", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 772, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "301", - "object_id_int": 301, - "title": "Frameable Response (Potential Clickjacking)", - "description": "", - "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 301 None None BodgeIt ", - "url": "/finding/301", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 773, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "339", - "object_id_int": 339, - "title": "Frameable Response (Potential Clickjacking)", - "description": "", - "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 339 None None BodgeIt ", - "url": "/finding/339", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 774, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "308", - "object_id_int": 308, - "title": "Path-Relative Style Sheet Import", - "description": "", - "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. 
When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 308 None None BodgeIt ", - "url": "/finding/308", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 775, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "346", - "object_id_int": 346, - "title": "Path-Relative Style Sheet Import", - "description": "", - "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. 
This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. 
The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 346 None None BodgeIt ", - "url": "/finding/346", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "watson.searchentry", - "pk": 776, - "fields": { - "engine_slug": "default", - "content_type": 58, - "object_id": "279", - "object_id_int": 279, - "title": "Test", - "description": "", - "content": "Test None None No url given Info asdf adf asdf No references given S4 None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None None None None None None None None None None None 279 No url given None Internal CRM App ", - "url": "/finding/279", - "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" - } -}, -{ - "model": "authtoken.token", - "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", - 
"fields": { - "user": 2, - "created": "2021-07-04T23:16:45.502Z" - } -}, -{ - "model": "authtoken.token", - "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", - "fields": { - "user": 1, - "created": "2021-07-04T23:16:45.506Z" - } -}, -{ - "model": "authtoken.token", - "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708", - "fields": { - "user": 3, - "created": "2021-07-04T23:16:45.509Z" - } + "model": "dojo.textquestion", + "pk": 36, + "fields": { + "question_ptr": 36 + } +}, +{ + "model": "dojo.textquestion", + "pk": 37, + "fields": { + "question_ptr": 37 + } +}, +{ + "model": "dojo.textquestion", + "pk": 38, + "fields": { + "question_ptr": 38 + } +}, +{ + "model": "dojo.textquestion", + "pk": 39, + "fields": { + "question_ptr": 39 + } +}, +{ + "model": "dojo.textquestion", + "pk": 40, + "fields": { + "question_ptr": 40 + } +}, +{ + "model": "dojo.textquestion", + "pk": 41, + "fields": { + "question_ptr": 41 + } +}, +{ + "model": "dojo.textquestion", + "pk": 42, + "fields": { + "question_ptr": 42 + } +}, +{ + "model": "dojo.textquestion", + "pk": 43, + "fields": { + "question_ptr": 43 + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 2, + "fields": { + "name": "Infrastructure", + "description": "Questions regarding the products physical infrastructure.", + "active": true, + "questions": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 3, + "fields": { + "name": "Testing Preparation", + "description": "Tell us about the specific components that make up your application.", + "active": true, + "questions": [ + 13, + 37, + 38, + 39, + 40, + 41, + 42, + 43 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 4, + "fields": { + "name": "Access Control", + "description": "Tell us about the access control configured for your application.", + "active": true, + "questions": [ + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 5, + "fields": { + "name": 
"Information Flow / Dependency Modeling", + "description": "Tell us how is your application used.", + "active": true, + "questions": [ + 21, + 22, + 23, + 24 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 6, + "fields": { + "name": "Information Management", + "description": "Tell us what kind of data you are storing/managing.", + "active": true, + "questions": [ + 25, + 26, + 27, + 28, + 29, + 30, + 31 + ] + } +}, +{ + "model": "dojo.engagement_survey", + "pk": 7, + "fields": { + "name": "Inventory", + "description": "Give us detail about your application.", + "active": true, + "questions": [ + 32, + 33, + 34, + 35, + 36 + ] + } +}, +{ + "model": "watson.searchentry", + "pk": 1, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Python How-to", + "description": "", + "content": "Python How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 2, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Security How-to", + "description": "", + "content": "Security How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 3, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Security Podcast", + "description": "", + "content": "Security Podcast test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 4, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 5, + "fields": { + 
"engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Web Scan (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 6, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "14", + "object_id_int": 14, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 7, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 8, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 9, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 10, + "fields": 
{ + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 11, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 12, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "14", + "object_id_int": 14, + "title": "API Test (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 13, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S4 None None None None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 14, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH 
None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 15, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 16, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 17, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH None None S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 18, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "7", + "object_id_int": 7, + "title": "DUMMY FINDING", + "description": "", + "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH None None S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 
", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 19, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "1", + "object_id_int": 1, + "title": "XSS template", + "description": "", + "content": "XSS template HIGH XSS test template None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 20, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62 None None None None None None None None None None 2 None None Internal CRM App ", + "url": "/finding/2", + "meta_encoded": "{\"status\": \"Inactive, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 21, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 3 None None Internal CRM App ", + "url": "/finding/3", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 22, + "fields": { + "engine_slug": "default", + 
"content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888//bodgeit/", + "description": "", + "content": "http None localhost /bodgeit/ None None", + "url": "/endpoint/8", + "meta_encoded": "{\"product__name\": \"BodgeIt\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 23, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Python How-to", + "description": "", + "content": "Python How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 24, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Security How-to", + "description": "", + "content": "Security How-to test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 25, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "report_type" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Security Podcast", + "description": "", + "content": "Security Podcast test product 0 0 0", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 26, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 27, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "cred_user" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Web Scan (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 28, + "fields": { + "engine_slug": "default", + "content_type": 
[ + "dojo", + "cred_user" + ], + "object_id": "14", + "object_id_int": 14, + "title": "Web Scan (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 29, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "2", + "object_id_int": 2, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 30, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "3", + "object_id_int": 3, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 31, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 32, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 
5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 33, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "6", + "object_id_int": 6, + "title": "High Impact test finding", + "description": "", + "content": "High Impact test finding None HIGH test finding test mitigation HIGH S0 None None None None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 34, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "stub_finding" + ], + "object_id": "7", + "object_id_int": 7, + "title": "DUMMY FINDING", + "description": "", + "content": "DUMMY FINDING http://www.example.com HIGH TEST finding MITIGATION HIGH S0 None None None None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 ", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 35, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Engagement: April Monthly Engagement (Jun 30, 2021)", + "description": "", + "content": "April Monthly Engagement Requested by the team for regular manual checkup by the security team. None None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 36, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "1", + "object_id_int": 1, + "title": "BodgeIt", + "description": "", + "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up Tester Jester Bob Buster Peter Scramble high web production internal", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 37, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "4", + "object_id_int": 4, + "title": "Engagement: Static Scan (Nov 03, 2021)", + "description": "", + "content": "Static Scan Initial static scan for Bodgeit. v.1.2.0 None None Completed other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 38, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "15", + "object_id_int": 15, + "title": "Checkmarx Scan (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 39, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "8", + "object_id_int": 8, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** 
\"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 40, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "9", + "object_id_int": 9, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None 
a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 41, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 42, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source 
Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 43, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 
1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 44, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 45, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "14", + "object_id_int": 14, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 46, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "15", + "object_id_int": 15, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 
96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 47, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Hardcoded password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 
48, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "17", + "object_id_int": 17, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 49, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "18", + "object_id_int": 18, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 50, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java 
High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 
250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 51, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "20", + "object_id_int": 20, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 52, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Not Using a Random IV with CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 53, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Collapse of Data into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 54, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "23", + "object_id_int": 23, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 55, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "24", + "object_id_int": 24, + "title": "Hardcoded password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 56, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 57, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "26", + "object_id_int": 26, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 58, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "27", + "object_id_int": 27, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 59, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": 
"Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 
22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 60, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + 
"model": "watson.searchentry", + "pk": 61, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line 
Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 62, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Empty Password In Connection String (product.jsp)", + "description": "", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 63, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 64, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "33", + "object_id_int": 33, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 
1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 65, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "34", + "object_id_int": 34, + "title": "Hardcoded password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 66, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "35", + "object_id_int": 35, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 67, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "36", + "object_id_int": 36, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** 
this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 68, + "fields": { 
+ "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "37", + "object_id_int": 37, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 69, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "38", + "object_id_int": 38, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 
46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 70, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "39", + "object_id_int": 39, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 71, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "40", + "object_id_int": 40, + "title": "Hardcoded password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 72, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "41", + "object_id_int": 41, + "title": "Hardcoded password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 
673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 73, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "42", + "object_id_int": 42, + "title": "Empty Password In Connection String (register.jsp)", + "description": "", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 74, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "43", + 
"object_id_int": 43, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 75, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "44", + "object_id_int": 44, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 76, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "45", + "object_id_int": 45, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = 
stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 77, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "46", + "object_id_int": 46, + "title": "Empty Password In Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 
35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 78, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "47", + "object_id_int": 47, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "url": "", + 
"meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 79, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "48", + "object_id_int": 48, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 80, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "49", + "object_id_int": 49, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 81, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "50", + "object_id_int": 50, + "title": "Hardcoded password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 82, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": 
"51", + "object_id_int": 51, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + 
rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 83, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "52", + "object_id_int": 52, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 84, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "53", + "object_id_int": 53, + "title": "Empty Password In Connection String (init.jsp)", + "description": "", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 85, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "54", + "object_id_int": 54, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 86, + "fields": { + "engine_slug": 
"default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "55", + "object_id_int": 55, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 87, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "56", + "object_id_int": 56, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 88, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "57", + "object_id_int": 57, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 89, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + 
], + "object_id": "58", + "object_id_int": 58, + "title": "Empty Password In Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 90, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "59", + "object_id_int": 59, + "title": "Hardcoded password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 91, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "60", + "object_id_int": 60, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 
397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 92, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "61", + "object_id_int": 61, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 93, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "62", + "object_id_int": 62, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium 
**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 94, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "63", + "object_id_int": 63, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 95, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "64", + "object_id_int": 64, + "title": "Empty Password In Connection String (home.jsp)", + 
"description": "", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 96, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "65", + "object_id_int": 65, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 97, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "66", + "object_id_int": 66, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 98, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "67", + "object_id_int": 67, + "title": "Download of Code Without Integrity Check 
(password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 99, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "68", + "object_id_int": 68, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 100, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "69", + "object_id_int": 69, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP 
Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 101, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "70", + "object_id_int": 70, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 102, + "fields": { + 
"engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "71", + "object_id_int": 71, + "title": "Empty Password In Connection String (header.jsp)", + "description": "", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 103, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "72", + "object_id_int": 72, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = 
System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 104, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "73", + "object_id_int": 73, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 
89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 105, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "74", + "object_id_int": 74, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 106, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "75", + "object_id_int": 75, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 
- Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 107, + "fields": { + 
"engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "76", + "object_id_int": 76, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 
1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 
8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 108, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "77", + "object_id_int": 77, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 109, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "78", + "object_id_int": 78, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = 
conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 110, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "79", + "object_id_int": 79, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 111, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "80", + 
"object_id_int": 80, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 112, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "81", + "object_id_int": 81, + "title": "Hardcoded password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 113, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "82", + "object_id_int": 82, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 114, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + 
"test_import" + ], + "object_id": "83", + "object_id_int": 83, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 115, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "84", + "object_id_int": 84, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 116, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "85", + "object_id_int": 85, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": 
"Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 117, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "86", + "object_id_int": 86, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 118, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "87", + "object_id_int": 87, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 119, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "88", + "object_id_int": 88, + "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source 
Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 120, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "89", + "object_id_int": 89, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 
/root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 121, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "90", + "object_id_int": 90, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 
68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 122, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "91", + "object_id_int": 91, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** 
rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 123, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "92", + "object_id_int": 92, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 124, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "93", + "object_id_int": 93, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 125, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + 
"object_id": "94", + "object_id_int": 94, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 126, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "95", + "object_id_int": 95, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 127, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "96", + "object_id_int": 96, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name 
= '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 128, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "97", + "object_id_int": 97, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 129, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "98", + "object_id_int": 98, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium 
**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 130, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "99", + "object_id_int": 99, + "title": "Use of Hard coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 131, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "100", + "object_id_int": 100, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 132, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "101", + "object_id_int": 101, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + 
"content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 133, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "102", + "object_id_int": 102, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 
375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 134, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "103", + "object_id_int": 103, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 135, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "104", + "object_id_int": 104, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) 
- 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 136, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "105", + "object_id_int": 105, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 137, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "106", + "object_id_int": 106, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** 
conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 138, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "107", + "object_id_int": 107, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 139, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "108", + "object_id_int": 108, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) 
{\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 140, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "109", + "object_id_int": 109, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java 
Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 
11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 141, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "110", + "object_id_int": 110, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 142, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "111", + "object_id_int": 111, + "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 143, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "112", + "object_id_int": 112, + "title": "Empty Password In Connection String (search.jsp)", + "description": "", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 
63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 144, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "113", + "object_id_int": 113, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if 
(rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + 
rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 145, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "114", + "object_id_int": 114, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 
14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 146, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "115", + "object_id_int": 115, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 
3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 147, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "116", + "object_id_int": 116, + "title": "Hardcoded password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 148, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "117", + "object_id_int": 117, + "title": "Hardcoded password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 149, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "118", + "object_id_int": 118, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 150, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "119", + "object_id_int": 119, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 151, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "120", + "object_id_int": 120, + "title": "Empty Password In Connection String (score.jsp)", + "description": "", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 152, + "fields": { + "engine_slug": "default", + 
"content_type": [ + "dojo", + "test_import" + ], + "object_id": "121", + "object_id_int": 121, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 153, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "122", + "object_id_int": 122, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 154, + 
"fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "123", + "object_id_int": 123, + "title": "Empty Password In Connection String (login.jsp)", + "description": "", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 155, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "124", + "object_id_int": 124, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** 
println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 156, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "125", + "object_id_int": 125, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 157, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "126", + "object_id_int": 126, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** 
executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 158, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "127", + "object_id_int": 127, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 159, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "128", + "object_id_int": 128, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 160, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "129", + "object_id_int": 129, + "title": "Information Exposure Through an Error Message (header.jsp)", + 
"description": "", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 161, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "130", + "object_id_int": 130, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "url": "", + 
"meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 162, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "131", + "object_id_int": 131, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 163, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "132", + "object_id_int": 132, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + 
password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 164, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "133", + "object_id_int": 133, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 165, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "134", + "object_id_int": 134, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** 
comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 166, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "135", + "object_id_int": 135, + "title": "Empty Password In Connection String (contact.jsp)", + "description": "", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 
167, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "136", + "object_id_int": 136, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error 
handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 168, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "137", + "object_id_int": 137, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 169, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "138", + "object_id_int": 138, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + 
"model": "watson.searchentry", + "pk": 170, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "139", + "object_id_int": 139, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "url": "", + 
"meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 171, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Checkmarx Scan (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 172, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "140", + "object_id_int": 140, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** 
executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 173, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "141", + "object_id_int": 141, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 174, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "142", + "object_id_int": 142, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "url": "", + 
"meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 175, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "143", + "object_id_int": 143, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 176, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "144", + "object_id_int": 144, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + 
((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 177, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "145", + "object_id_int": 145, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source 
Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 178, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "146", + "object_id_int": 146, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 179, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "147", + "object_id_int": 147, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": 
"CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 180, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "148", + "object_id_int": 148, + "title": "Hardcoded password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 181, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "149", + "object_id_int": 149, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 
9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 182, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "150", + "object_id_int": 150, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 
16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 183, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "151", + "object_id_int": 151, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 184, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" 
+ ], + "object_id": "152", + "object_id_int": 152, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = 
rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 185, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "153", + "object_id_int": 153, + "title": "Not Using a Random IV with CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 186, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "154", + "object_id_int": 154, + "title": "Collapse of Data into Unsafe Value (contact.jsp)", 
+ "description": "", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 187, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "155", + "object_id_int": 155, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + 
rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 188, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "156", + "object_id_int": 156, + "title": "Hardcoded password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n 
N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 189, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "157", + "object_id_int": 157, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 
16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 190, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "158", + "object_id_int": 158, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 191, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "159", + "object_id_int": 159, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A 
Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 192, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "160", + "object_id_int": 160, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 
15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 193, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "161", + "object_id_int": 161, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 194, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "162", + "object_id_int": 162, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** 
cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None 
bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 195, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "163", + "object_id_int": 163, + "title": "Empty Password In Connection String (product.jsp)", + "description": "", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 196, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "164", + "object_id_int": 164, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization 
(password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 
24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 197, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "165", + "object_id_int": 165, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 198, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "166", + "object_id_int": 166, + "title": "Hardcoded password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 199, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "167", + "object_id_int": 167, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 200, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "168", + "object_id_int": 168, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 201, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "169", + "object_id_int": 169, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** 
response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 202, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "170", + "object_id_int": 170, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + 
"pk": 203, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "171", + "object_id_int": 171, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 204, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "172", + "object_id_int": 172, + "title": "Hardcoded password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 
None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 205, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "173", + "object_id_int": 173, + "title": "Hardcoded password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 206, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "174", + 
"object_id_int": 174, + "title": "Empty Password In Connection String (register.jsp)", + "description": "", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 207, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "175", + "object_id_int": 175, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 
- Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 208, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "176", + "object_id_int": 176, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 209, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "177", + "object_id_int": 177, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 210, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "178", + "object_id_int": 
178, + "title": "Empty Password In Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 211, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "179", + "object_id_int": 179, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 212, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "180", + "object_id_int": 180, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line 
Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 213, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "181", + "object_id_int": 181, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 
75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 214, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "182", + "object_id_int": 182, + "title": "Hardcoded password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 215, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": 
"183", + "object_id_int": 183, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + 
rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 216, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "184", + "object_id_int": 184, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 217, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "185", + "object_id_int": 185, + "title": "Empty Password In Connection String (init.jsp)", + "description": "", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 218, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "186", + "object_id_int": 186, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 219, + "fields": { + "engine_slug": 
"default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "187", + "object_id_int": 187, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 220, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "188", + "object_id_int": 188, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 221, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "189", + "object_id_int": 189, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 222, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + 
], + "object_id": "190", + "object_id_int": 190, + "title": "Empty Password In Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 223, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "191", + "object_id_int": 191, + "title": "Hardcoded password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 224, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "192", + "object_id_int": 192, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 
11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 225, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "193", + "object_id_int": 193, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 226, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "194", + "object_id_int": 194, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) 
N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 227, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "195", + "object_id_int": 195, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + 
"pk": 228, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "196", + "object_id_int": 196, + "title": "Empty Password In Connection String (home.jsp)", + "description": "", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 229, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "197", + "object_id_int": 197, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 230, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "198", + "object_id_int": 198, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 231, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "199", + "object_id_int": 199, + "title": "Download of Code Without Integrity 
Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 232, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "200", + "object_id_int": 200, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 233, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "201", + "object_id_int": 201, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 234, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "202", + "object_id_int": 202, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 235, + "fields": { + 
"engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "203", + "object_id_int": 203, + "title": "Empty Password In Connection String (header.jsp)", + "description": "", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 236, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "204", + "object_id_int": 204, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = 
System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 237, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "205", + "object_id_int": 205, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** 
username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 238, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "206", + "object_id_int": 206, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 239, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "207", + "object_id_int": 207, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 240, + "fields": { + 
"engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "208", + "object_id_int": 208, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 
1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 
8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 241, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "209", + "object_id_int": 209, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 242, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "210", + "object_id_int": 210, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = 
conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 243, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "211", + "object_id_int": 211, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 244, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "212", + 
"object_id_int": 212, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 245, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "213", + "object_id_int": 213, + "title": "Hardcoded password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 246, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "214", + "object_id_int": 214, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 247, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + 
"test_import" + ], + "object_id": "215", + "object_id_int": 215, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 248, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "216", + "object_id_int": 216, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 249, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "217", + "object_id_int": 217, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": 
"Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 250, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "218", + "object_id_int": 218, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 251, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "219", + "object_id_int": 219, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 252, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "220", + "object_id_int": 220, + "title": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source 
Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 253, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "221", + "object_id_int": 221, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 
/root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 254, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "222", + "object_id_int": 222, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 
68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 255, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "223", + "object_id_int": 223, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source 
Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 256, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "224", + "object_id_int": 224, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 257, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "225", + "object_id_int": 225, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 258, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + 
"object_id": "226", + "object_id_int": 226, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 259, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "227", + "object_id_int": 227, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 260, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "228", + "object_id_int": 228, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE 
(name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 261, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "229", + "object_id_int": 229, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 262, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "230", + "object_id_int": 230, + "title": "HttpOnlyCookies In Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium 
**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 263, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "231", + "object_id_int": 231, + "title": "Use of Hard coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** 
Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 264, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "232", + "object_id_int": 232, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 265, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "233", + "object_id_int": 233, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + 
"content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 266, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "234", + "object_id_int": 234, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 
375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 267, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "235", + "object_id_int": 235, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 268, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "236", + "object_id_int": 236, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) 
- 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 269, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "237", + "object_id_int": 237, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 270, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "238", + "object_id_int": 238, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** 
conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 271, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "239", + "object_id_int": 239, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 272, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "240", + "object_id_int": 240, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) 
{\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 273, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "241", + "object_id_int": 241, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java 
Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 
11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 274, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "242", + "object_id_int": 242, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 275, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "243", + "object_id_int": 243, + "title": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 276, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "244", + "object_id_int": 244, + "title": "Empty Password In Connection String (search.jsp)", + "description": "", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 
63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 277, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "245", + "object_id_int": 245, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if 
(rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + 
rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 278, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "246", + "object_id_int": 246, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 
14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 279, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "247", + "object_id_int": 247, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 
3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 280, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "248", + "object_id_int": 248, + "title": "Hardcoded password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 281, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "249", + "object_id_int": 249, + "title": "Hardcoded password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 282, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "250", + "object_id_int": 250, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 283, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "251", + "object_id_int": 251, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 284, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "252", + "object_id_int": 252, + "title": "Empty Password In Connection String (score.jsp)", + "description": "", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 285, + "fields": { + "engine_slug": "default", + 
"content_type": [ + "dojo", + "test_import" + ], + "object_id": "253", + "object_id_int": 253, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 286, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "254", + "object_id_int": 254, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 287, + 
"fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "255", + "object_id_int": 255, + "title": "Empty Password In Connection String (login.jsp)", + "description": "", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 288, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "256", + "object_id_int": 256, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** 
println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 289, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "257", + "object_id_int": 257, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 290, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "258", + "object_id_int": 258, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** 
executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 291, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "259", + "object_id_int": 259, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 292, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "260", + "object_id_int": 260, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 293, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "261", + "object_id_int": 261, + "title": "Information Exposure Through an Error Message (header.jsp)", + 
"description": "", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 294, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "url": "", + 
"meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 295, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"
\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 296, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "264", + "object_id_int": 264, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + 
password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 297, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "265", + "object_id_int": 265, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 298, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "266", + "object_id_int": 266, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** 
comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 299, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "267", + "object_id_int": 267, + "title": "Empty Password In Connection String (contact.jsp)", + "description": "", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 
300, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "268", + "object_id_int": 268, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error 
handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 301, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "269", + "object_id_int": 269, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 302, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "270", + "object_id_int": 270, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + 
"model": "watson.searchentry", + "pk": 303, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "271", + "object_id_int": 271, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "url": "", + 
"meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 304, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "272", + "object_id_int": 272, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 305, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "273", + "object_id_int": 273, + "title": "Improper Resource Access Authorization (admin.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 306, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "274", + 
"object_id_int": 274, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 307, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "275", + "object_id_int": 275, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 308, + 
"fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 309, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) 
N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 310, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "278", + "object_id_int": 278, + "title": "SQL Injection (basket.jsp)", + "description": "", + "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 
410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 311, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "notification_webhooks" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Tomcat | BodgeIt", + "description": "", + "content": "Tomcat 8.5.1 None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 312, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** 
format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None 262 N/A None BodgeIt ", + "url": "/finding/262", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 313, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** 
String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", + "url": "/finding/263", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 314, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "6", + "object_id_int": 6, + "title": "Engagement: Quarterly PCI Scan (Jan 19, 2022)", + "description": "", + "content": "Quarterly PCI Scan Reccuring Quarterly Scan None None None Not Started other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 315, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "18", + "object_id_int": 18, + "title": "Qualys Scan (Jan 19, 2022)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 316, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "2", + "object_id_int": 2, 
+ "title": "Internal CRM App", + "description": "", + "content": "Internal CRM App * New product in development that attempts to follow all best practices Bob Builder Tester Jester None medium web construction internal", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 317, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "7", + "object_id_int": 7, + "title": "Engagement: Ad Hoc Engagement (Nov 03, 2021)", + "description": "", + "content": "Ad Hoc Engagement None None None None None threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 318, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Pen Test (Nov 03, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 319, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "279", + "object_id_int": 279, + "title": "test", + "description": "", + "content": "test No url given Info asdf adf asdf No references given S4 None None None None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 320, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "tagulous_product_tags" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Apple Accounting Software", + "description": "", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. 
Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers 0 0 0 high web production purchased", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 321, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "8", + "object_id_int": 8, + "title": "Engagement: Initial Assessment (Dec 20, 2021)", + "description": "", + "content": "Initial Assessment This application needs to be assesed to determine the security posture. 10.2.1 None None Not Started other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 322, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "20", + "object_id_int": 20, + "title": "API Test (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 323, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Nmap Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 324, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Dependency Check Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 325, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + 
"sonarqube_issue_transition" + ], + "object_id": "23", + "object_id_int": 23, + "title": "ZAP Scan (Dec 20, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 326, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", + "url": "/finding/276", + "meta_encoded": "{\"cve\": null, \"status\": 
\"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 327, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", + "url": "/finding/277", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 328, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Engagement: Multiple scanners (Nov 04, 2021)", + "description": "", + "content": "Multiple scanners Example engagement with multiple scan types. 
1.2.1 None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 329, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Dependency Check Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 330, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "280", + "object_id_int": 280, + "title": "notepad++.exe | CVE-2007-2666", + "description": "", + "content": "notepad++.exe | CVE-2007-2666 None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. 
None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None None None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 331, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "281", + "object_id_int": 281, + "title": "notepad++.exe | CVE-2008-3436", + "description": "", + "content": "notepad++.exe | CVE-2008-3436 None High CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. 
None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None None None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 332, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "26", + "object_id_int": 26, + "title": "VCG Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 333, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "282", + "object_id_int": 282, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. 
Kludgey, I know.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 334, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "283", + "object_id_int": 283, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 335, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "284", + "object_id_int": 284, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 336, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "285", + "object_id_int": 285, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 337, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "286", + "object_id_int": 286, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", 
+ "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 338, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "287", + "object_id_int": 287, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 339, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "288", + "object_id_int": 288, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. 
This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None None None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 340, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "289", + "object_id_int": 289, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 341, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "290", + "object_id_int": 290, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + 
"model": "watson.searchentry", + "pk": 342, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "291", + "object_id_int": 291, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 343, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "292", + "object_id_int": 292, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 344, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "293", + "object_id_int": 293, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 345, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "294", + "object_id_int": 294, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } 
+}, +{ + "model": "watson.searchentry", + "pk": 346, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "295", + "object_id_int": 295, + "title": "URL Request Gets Path from Variable", + "description": "", + "content": "URL Request Gets Path from Variable None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None None None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 347, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "296", + "object_id_int": 296, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. 
Use LINQ with aggregation to get SUM.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 348, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "297", + "object_id_int": 297, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 349, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "298", + "object_id_int": 298, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. 
Should be moved to OrderDetail constructor?\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 350, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "299", + "object_id_int": 299, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n None None None S4 None None None None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 351, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: 
http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None 301 None None BodgeIt ", + "url": "/finding/301", + "meta_encoded": "{\"cve\": null, \"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 352, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Burp Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 353, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "300", + "object_id_int": 300, + "title": "Password field with autocomplete enabled", + "description": "", + "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing 
credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 354, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "4", + "object_id_int": 4, + "title": "http://localhost:8888/bodgeit/login.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/login.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 355, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "5", + "object_id_int": 5, + "title": "127.0.0.1", + "description": "", + "content": "None 127.0.0.1 None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 356, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "6", + "object_id_int": 6, + "title": "http://localhost:8888/bodgeit/register.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/register.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 357, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "7", + "object_id_int": 7, + "title": "http://localhost:8888/bodgeit/password.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/password.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 358, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None Info URL: 
http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. 
However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 359, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "8", + "object_id_int": 8, + "title": "http://localhost:8888/bodgeit/", + "description": "", + "content": "http localhost:8888 None /bodgeit/ None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 360, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "9", + "object_id_int": 9, + "title": "http://localhost:8888/bodgeit/basket.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/basket.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 361, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "10", + "object_id_int": 10, + "title": "http://localhost:8888/bodgeit/advanced.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/advanced.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 362, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "11", + "object_id_int": 11, + "title": "http://localhost:8888/bodgeit/admin.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/admin.jsp None None", + 
"url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 363, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "12", + "object_id_int": 12, + "title": "http://localhost:8888/bodgeit/about.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/about.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 364, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "13", + "object_id_int": 13, + "title": "http://localhost:8888/bodgeit/contact.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/contact.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 365, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "14", + "object_id_int": 14, + "title": "http://localhost:8888/bodgeit/home.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/home.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 366, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "15", + "object_id_int": 15, + "title": "http://localhost:8888/bodgeit/product.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/product.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 367, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "16", + "object_id_int": 16, + "title": "http://localhost:8888/bodgeit/score.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/score.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 368, + 
"fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "17", + "object_id_int": 17, + "title": "http://localhost:8888/bodgeit/search.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/search.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 369, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "18", + "object_id_int": 18, + "title": "http://localhost:8888/", + "description": "", + "content": "http localhost:8888 None / None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 370, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "19", + "object_id_int": 19, + "title": "http://localhost:8888/bodgeit/logout.jsp", + "description": "", + "content": "http localhost:8888 None /bodgeit/logout.jsp None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 371, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "302", + "object_id_int": 302, + "title": "Cross-site scripting (reflected)", + "description": "", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. 
The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. 
An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. 
In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 372, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "303", + "object_id_int": 303, + "title": "Unencrypted communications", + "description": "", + "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. 
This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 373, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "304", + "object_id_int": 304, + "title": "Password returned in later response", + "description": "", + "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. 
This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 374, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "305", + "object_id_int": 305, + "title": "Email addresses disclosed", + "description": "", + "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in 
the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 375, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "306", + "object_id_int": 306, + "title": "Cross-site request forgery", + "description": "", + "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 376, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "307", + "object_id_int": 307, + "title": "SQL injection", + "description": "", + "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. 
Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 377, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "308", + "object_id_int": 308, + "title": "Path-relative style sheet import", + "description": "", + "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. 
This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. 
The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 378, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "309", + "object_id_int": 309, + "title": "Cleartext submission of password", + "description": "", + "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * 
http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 379, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Engagement: Manual PenTest (Dec 30, 2021)", + "description": "", + "content": "Manual PenTest Please do a manual pentest before our next release to prod. 1.9.1 None None Blocked other none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 380, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Manual Code Review (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 381, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Pen Test (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 382, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Engagement: CI/CD Baseline Security Test (Nov 04, 2021)", + "description": "", + "content": "CI/CD Baseline Security Test 1.1.2 None https://github.com/psiinon/bodgeit None Completed other none none CI/CD 89 b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6 master https://github.com/psiinon/bodgeit", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 383, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Gosec Scanner (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 384, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "310", + "object_id_int": 310, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 385, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "311", + "object_id_int": 311, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. 
Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 386, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "312", + "object_id_int": 312, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 387, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "313", + "object_id_int": 313, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 388, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "314", + "object_id_int": 314, + "title": "SQL string formatting-G201", + "description": "", + "content": "SQL string formatting-G201 N/A Medium Filename: 
/vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None None None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 389, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "315", + "object_id_int": 315, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 390, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "316", + "object_id_int": 316, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 391, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "317", + 
"object_id_int": 317, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 392, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "318", + "object_id_int": 318, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 393, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "319", + "object_id_int": 319, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 394, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "320", + "object_id_int": 320, + "title": "Errors unhandled.-G104", + 
"description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None None None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 395, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "321", + "object_id_int": 321, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 396, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "322", + "object_id_int": 322, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None None None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 397, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "323", + "object_id_int": 323, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A 
Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None None None None 2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 398, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "324", + "object_id_int": 324, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 399, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "325", + "object_id_int": 325, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. 
Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 400, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "326", + "object_id_int": 326, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 401, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "327", + "object_id_int": 327, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 402, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "328", + "object_id_int": 328, + "title": "Use of weak cryptographic primitive-G401", + "description": "", + "content": "Use of weak cryptographic primitive-G401 N/A Medium Filename: 
/vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None None None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 403, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "329", + "object_id_int": 329, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 404, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "330", + "object_id_int": 330, + "title": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", + "description": "", + "content": "Blacklisted import crypto/md5: weak cryptographic primitive-G501 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None None None None 1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 405, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "331", + "object_id_int": 331, + "title": "Errors unhandled.-G104", + "description": "", + 
"content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming soon None None S3 None None None None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 406, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "332", + "object_id_int": 332, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 407, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "333", + "object_id_int": 333, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. 
Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None None None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 408, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "334", + "object_id_int": 334, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None None None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 409, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "335", + "object_id_int": 335, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None None None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 410, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "336", + "object_id_int": 336, + "title": "Errors unhandled.-G104", + "description": "", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue 
Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 None None None None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 411, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "337", + "object_id_int": 337, + "title": "this method will not auto-escape HTML. Verify data is well formed.-G203", + "description": "", + "content": "this method will not auto-escape HTML. Verify data is well formed.-G203 N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None None None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 412, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "1", + "object_id_int": 1, + "title": "http://127.0.0.1/endpoint/420/edit/", + "description": "", + "content": "http 127.0.0.1 example.com /endpoint/420/edit/ None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 413, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "2", + "object_id_int": 2, + "title": "ftp://localhost/", + "description": "", + "content": "ftp localhost www.example.com / None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 414, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "endpoint_params" + ], + "object_id": "3", + "object_id_int": 3, + "title": "ssh:127.0.0.1", + "description": "", + "content": "ssh 127.0.0.1 www.example.com None None None", + 
"url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 415, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "1", + "object_id_int": 1, + "title": "Engagement: 1st Quarter Engagement (Jun 30, 2021)", + "description": "", + "content": "1st Quarter Engagement test Engagement None None None None In Progress threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 416, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Engagement: weekly engagement (Jun 21, 2021)", + "description": "", + "content": "weekly engagement test Engagement None None None None Completed threat_model none none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 417, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "3", + "object_id_int": 3, + "title": "API Test (Feb 18, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 418, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "13", + "object_id_int": 13, + "title": "API Test (Mar 21, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 419, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "engagement_presets" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", + "description": "", + "content": "AdHoc Import - Fri, 17 Aug 2018 18:20:55 None None None None None In Progress threat_model none 
none Interactive None None None None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 420, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "sonarqube_issue_transition" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Burp Scan (Nov 04, 2021)", + "description": "", + "content": "", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 421, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "338", + "object_id_int": 338, + "title": "Password field with autocomplete enabled", + "description": "", + "content": "Password field with autocomplete enabled None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. 
In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 422, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "339", + "object_id_int": 339, + "title": "Frameable response (potential Clickjacking)", + "description": "", + "content": "Frameable response (potential Clickjacking) None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo 
effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 423, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "340", + "object_id_int": 340, + "title": "Cross-site scripting (reflected)", + "description": "", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. 
Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 424, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "341", + "object_id_int": 341, + "title": "Unencrypted communications", + "description": "", + "content": "Unencrypted communications None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. 
An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None None None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 425, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "342", + "object_id_int": 342, + "title": "Password returned in later response", + "description": "", + "content": "Password returned in later response None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. 
This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None None None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 426, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "343", + "object_id_int": 343, + "title": "Email addresses disclosed", + "description": "", + "content": "Email addresses disclosed None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: 
http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None None None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 427, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "344", + "object_id_int": 344, + "title": "Cross-site request forgery", + "description": "", + "content": "Cross-site request forgery None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. 
\n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None None None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 428, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "345", + "object_id_int": 345, + "title": "SQL injection", + "description": "", + "content": "SQL injection None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. 
Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None None None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 429, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "346", + "object_id_int": 346, + "title": "Path-relative style sheet import", + "description": "", + "content": "Path-relative style sheet import None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. 
This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. 
The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None None None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 430, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "test_import" + ], + "object_id": "347", + "object_id_int": 347, + "title": "Cleartext submission of password", + "description": "", + "content": "Cleartext submission of password None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * 
http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None None None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None", + "url": "", + "meta_encoded": "{}" + } +}, +{ + "model": "watson.searchentry", + "pk": 431, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "5", + "object_id_int": 5, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 5 None None Internal CRM App 222", + "url": "/finding/5", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"222\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 432, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "4", + "object_id_int": 4, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 4 None None Internal CRM App ", + "url": "/finding/4", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 433, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "6", + 
"object_id_int": 6, + "title": "High Impact Test Finding", + "description": "", + "content": "High Impact Test Finding None None None High test finding test mitigation HIGH None None S1 None None 5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7 None None None None None None None None None None 6 None None Internal CRM App 333", + "url": "/finding/6", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"333\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 434, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "7", + "object_id_int": 7, + "title": "Dummy Finding", + "description": "", + "content": "Dummy Finding None None http://www.example.com High TEST finding MITIGATION HIGH None None S1 None None c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0 None None None None None None None None None None 7 http://www.example.com None Internal CRM App ", + "url": "/finding/7", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 435, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "309", + "object_id_int": 309, + "title": "Cleartext Submission of Password", + "description": "", + "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: 
http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. 
Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 309 None None BodgeIt ", + "url": "/finding/309", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 436, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "347", + "object_id_int": 347, + "title": "Cleartext Submission of Password", + "description": "", + "content": "Cleartext Submission of Password None None None High URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * 
password\n\n\n\n \n\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\n Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S1 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 347 None None BodgeIt ", + "url": "/finding/347", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 437, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "302", + "object_id_int": 302, + "title": "Cross-Site Scripting (Reflected)", + "description": "", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. 
\n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. 
An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. 
In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", + "url": "/finding/302", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 438, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "340", + "object_id_int": 340, + "title": "Cross-Site Scripting (Reflected)", + "description": "", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. 
\n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. 
An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. 
In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", + "url": "/finding/340", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 439, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "345", + "object_id_int": 345, + "title": "SQL Injection", + "description": "", + "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. 
A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 345 None None BodgeIt ", + "url": "/finding/345", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 440, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "307", + "object_id_int": 307, + "title": "SQL Injection", + "description": "", + "content": "SQL Injection None None None High URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. 
You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \n\n\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. 
Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\n\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \n\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. 
Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\n\n\n SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\n\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \n None None \n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\n\n\n S1 None None 31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a None None None None None None None None None None None 307 None None BodgeIt ", + "url": "/finding/307", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 441, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "280", + "object_id_int": 280, + "title": "Notepad++.exe | CVE-2007-2666", + "description": "", + "content": "Notepad++.exe | CVE-2007-2666 None None None High CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers 
to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. None None name: 23961\nsource: BID\nurl: http://www.securityfocus.com/bid/23961\n\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\n\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\nsource: BUGTRAQ\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\n\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\nsource: CONFIRM\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\n\nname: 3912\nsource: MILW0RM\nurl: http://www.milw0rm.com/exploits/3912\n\nname: ADV-2007-1794\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1794\n\nname: ADV-2007-1867\nsource: VUPEN\nurl: http://www.vupen.com/english/advisories/2007/1867\n\nname: notepadplus-rb-bo(34269)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34269\n\nname: scintilla-rb-bo(34372)\nsource: XF\nurl: http://xforce.iss.net/xforce/xfdb/34372\n\n S1 None None 1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a notepad++.exe None None None None None None None None None None 280 None None BodgeIt ", + "url": "/finding/280", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 442, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "281", + "object_id_int": 281, + "title": "Notepad++.exe | CVE-2008-3436", + "description": "", + "content": "Notepad++.exe | CVE-2008-3436 None None None High CWE-94 Improper Control of 
Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. None None name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\nsource: FULLDISC\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\n\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\nsource: MISC\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\n\n S1 None None b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb notepad++.exe None None None None None None None None None None 281 None None BodgeIt ", + "url": "/finding/281", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 443, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "145", + "object_id_int": 145, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 
43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", + "url": "/finding/145", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 444, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "13", + "object_id_int": 13, + "title": "Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId 
+ \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", + "url": "/finding/13", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 445, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "2", + "object_id_int": 2, + "title": "Internal CRM App", + "description": "", + "content": "Internal CRM App * New product in development that attempts to follow all best practices medium web construction internal 2 Commerce", + "url": "/product/2", + "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 446, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "60", + "object_id_int": 60, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 
11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/60", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 447, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "192", + "object_id_int": 192, + "title": "Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String 
comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/192", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 448, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "276", + "object_id_int": 276, + "title": "Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line 
Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", + "url": "/finding/276", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 449, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "65", + "object_id_int": 65, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** 
out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", + "url": "/finding/65", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 450, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "197", + "object_id_int": 197, + "title": "Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source 
Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", + "url": "/finding/197", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 451, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "217", + "object_id_int": 217, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", 
\"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", + "url": "/finding/217", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 452, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "85", + "object_id_int": 85, + "title": "Reflected XSS All Clients (search.jsp)", + "description": "", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", 
\"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", + "url": "/finding/85", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 453, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "278", + "object_id_int": 278, + "title": "SQL Injection (basket.jsp)", + "description": "", + "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + 
productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", + "url": "/finding/278", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 454, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "45", + "object_id_int": 45, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 
9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", + "url": "/finding/45", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 455, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "177", + "object_id_int": 177, + "title": "SQL Injection (login.jsp)", + "description": "", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", + "url": "/finding/177", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 456, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "18", + "object_id_int": 18, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) None None 
N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", + "url": "/finding/18", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 457, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "150", + "object_id_int": 150, + "title": "SQL Injection (password.jsp)", + "description": "", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source 
Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", + "url": "/finding/150", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 458, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "8", + "object_id_int": 8, + "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", + "url": "/finding/8", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 459, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "140", + "object_id_int": 140, 
+ "title": "SQL Injection (register.jsp)", + "description": "", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", + "url": "/finding/140", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", 
\"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 460, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "51", + "object_id_int": 51, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + 
rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", + "url": "/finding/51", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 461, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "183", + "object_id_int": 183, + "title": "Stored XSS (admin.jsp)", + "description": "", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 
16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", + "url": "/finding/183", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 462, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "151", + "object_id_int": 151, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** 
getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", + "url": "/finding/151", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 463, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "19", + "object_id_int": 19, + "title": "Stored XSS (basket.jsp)", + "description": "", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 
364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", + "url": "/finding/19", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 464, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "258", + "object_id_int": 258, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** 
rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", + "url": "/finding/258", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 465, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "126", + "object_id_int": 126, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 
356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", + "url": "/finding/126", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 466, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "90", + "object_id_int": 90, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", + "url": "/finding/90", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 467, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "222", + "object_id_int": 222, + "title": "Stored XSS (contact.jsp)", + "description": "", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** 
Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", + "url": "/finding/222", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": 
\"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 468, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "63", + "object_id_int": 63, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 
28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", + "url": "/finding/63", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 469, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "195", + "object_id_int": 195, + "title": "Stored XSS (home.jsp)", + "description": "", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None 
None None None None None None None None 195 N/A None BodgeIt ", + "url": "/finding/195", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 470, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "263", + "object_id_int": 263, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** 
Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 
- Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 
391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", + "url": "/finding/263", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 471, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "131", + "object_id_int": 131, + "title": "Stored XSS (product.jsp)", + "description": "", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** 
String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", + "url": "/finding/131", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 472, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "234", + "object_id_int": 234, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 
353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", + "url": "/finding/234", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 473, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "102", + "object_id_int": 102, + "title": "Stored XSS (score.jsp)", + "description": "", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High 
Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", + "url": "/finding/102", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 474, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "189", + "object_id_int": 189, + "title": "Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", + "url": "/finding/189", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 475, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "57", + "object_id_int": 57, + "title": 
"Stored XSS (search.jsp)", + "description": "", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output 
%>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", + "url": "/finding/57", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"High\", \"severity_display\": \"High\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 476, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "288", + "object_id_int": 288, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 288 None None BodgeIt ", + "url": "/finding/288", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 477, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "283", + "object_id_int": 283, + "title": ".NET Debugging Enabled", + "description": "", + "content": ".NET Debugging Enabled None None None Medium Severity: Medium\nDescription: The application is configured to return .NET debug information. 
This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n None None None S2 None None 6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a None None None None None None None None None None None 283 None None BodgeIt ", + "url": "/finding/283", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 478, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "315", + "object_id_int": 315, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 315 N/A None BodgeIt ", + "url": "/finding/315", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 479, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "1", + "object_id_int": 1, + "title": "BodgeIt", + "description": "", + "content": "BodgeIt [Features](https://github.com/psiinon/bodgeit) and characteristics:\r\n\r\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\r\n* Self contained (no additional dependencies other than to 2 in the above line)\r\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\r\n* Cross platform\r\n* Open source\r\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up high web production internal 1 Commerce", + "url": "/product/1", + "meta_encoded": "{\"prod_type__name\": \"Commerce\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 480, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "329", + "object_id_int": 329, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None None 822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 329 N/A None BodgeIt ", + "url": "/finding/329", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 481, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "330", + "object_id_int": 330, + "title": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", + "description": "", + "content": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n coming soon None None S2 None 
None 1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 330 N/A None BodgeIt ", + "url": "/finding/330", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 482, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "342", + "object_id_int": 342, + "title": "Password Returned in Later Response", + "description": "", + "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 342 None None BodgeIt ", + "url": "/finding/342", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 483, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "304", + "object_id_int": 304, + "title": "Password Returned in Later Response", + "description": "", + "content": "Password Returned in Later Response None None None Medium URL: http://localhost:8888/bodgeit/search.jsp\n\n\n \n\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\n Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\n\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\n None None S2 None None a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428 None None None None None None None None None None None 304 None None BodgeIt ", + "url": "/finding/304", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 484, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "314", + "object_id_int": 314, + "title": "SQL String Formatting-G201", + "description": "", + "content": "SQL String Formatting-G201 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n coming soon None None S2 None None 929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd /vagrant/go/src/govwa/vulnerability/sqli/function.go None None None None None None None None None None 314 N/A None BodgeIt ", + "url": "/finding/314", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 485, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "328", + "object_id_int": 328, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None 
N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692 /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 328 N/A None BodgeIt ", + "url": "/finding/328", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 486, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "319", + "object_id_int": 319, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 None None 493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4 /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 319 N/A None BodgeIt ", + "url": "/finding/319", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 487, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "318", + "object_id_int": 318, + "title": "Use of Weak Cryptographic Primitive-G401", + "description": "", + "content": "Use of Weak Cryptographic Primitive-G401 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n coming soon None None S2 
None None 01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 318 N/A None BodgeIt ", + "url": "/finding/318", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 488, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "333", + "object_id_int": 333, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 333 N/A None BodgeIt ", + "url": "/finding/333", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 489, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "337", + "object_id_int": 337, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n coming soon None None S2 None None 2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66 /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 337 N/A None BodgeIt ", + "url": "/finding/337", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 490, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "310", + "object_id_int": 310, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 310 N/A None BodgeIt ", + "url": "/finding/310", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 491, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "325", + "object_id_int": 325, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 325 N/A None BodgeIt ", + "url": "/finding/325", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 492, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "311", + "object_id_int": 311, + "title": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 311 N/A None BodgeIt ", + "url": "/finding/311", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 493, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "324", + "object_id_int": 324, + "title": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", + "description": "", + "content": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203 None None N/A Medium Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n coming soon None None S2 None None ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9 /vagrant/go/src/govwa/vulnerability/xss/xss.go None None None None None None None None None None 324 N/A None BodgeIt ", + "url": "/finding/324", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 494, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "101", + "object_id_int": 101, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** 
println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", + "url": "/finding/101", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 495, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "233", + "object_id_int": 233, + "title": "CGI Reflected XSS All Clients (basket.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None 
None None None None 233 N/A None BodgeIt ", + "url": "/finding/233", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 496, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "134", + "object_id_int": 134, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/134", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", 
\"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 497, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "266", + "object_id_int": 266, + "title": "CGI Reflected XSS All Clients (contact.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/266", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 498, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": 
"170", + "object_id_int": 170, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", + "url": "/finding/170", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 499, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + 
"object_id": "38", + "object_id_int": 38, + "title": "CGI Reflected XSS All Clients (login.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", + "url": "/finding/38", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 500, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + 
"object_id": "15", + "object_id_int": 15, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", + "url": "/finding/15", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 501, + "fields": { + "engine_slug": 
"default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "147", + "object_id_int": 147, + "title": "CGI Reflected XSS All Clients (register.jsp)", + "description": "", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", + "url": "/finding/147", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 502, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "223", + "object_id_int": 223, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + 
\"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 223 N/A None BodgeIt ", + "url": "/finding/223", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 503, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "91", + "object_id_int": 91, + "title": "CGI Stored XSS (admin.jsp)", + "description": "", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = 
stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", + "url": "/finding/91", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 504, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "82", + "object_id_int": 82, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** 
getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", + "url": "/finding/82", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 505, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "214", + "object_id_int": 214, + "title": "CGI Stored XSS (basket.jsp)", + "description": "", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 
364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", + "url": "/finding/214", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 506, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "96", + "object_id_int": 96, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 
386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", + "url": "/finding/96", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 507, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "228", + "object_id_int": 228, + "title": "CGI Stored XSS (header.jsp)", + "description": "", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None 
BodgeIt ", + "url": "/finding/228", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 508, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "152", + "object_id_int": 152, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** 
rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", + "url": "/finding/152", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 509, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "20", + "object_id_int": 20, + "title": "CGI Stored XSS (home.jsp)", + "description": "", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 
32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", + "url": "/finding/20", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 510, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "207", + "object_id_int": 207, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** 
executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", + "url": "/finding/207", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 511, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "75", + "object_id_int": 75, + "title": "CGI Stored XSS (product.jsp)", + "description": "", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", + "url": 
"/finding/75", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 512, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "179", + "object_id_int": 179, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None 
None None None 179 N/A None BodgeIt ", + "url": "/finding/179", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 513, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "47", + "object_id_int": 47, + "title": "CGI Stored XSS (score.jsp)", + "description": "", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium 
Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c 
/root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", + "url": "/finding/47", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 514, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "165", + "object_id_int": 165, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", + "url": "/finding/165", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 515, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "33", + "object_id_int": 33, + "title": "Client Cross Frame Scripting Attack (advanced.jsp)", + "description": "", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A 
Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", + "url": "/finding/33", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 516, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "52", + "object_id_int": 52, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", + "url": 
"/finding/52", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 517, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "184", + "object_id_int": 184, + "title": "Download of Code Without Integrity Check (admin.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", + "url": "/finding/184", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 518, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "138", + "object_id_int": 138, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java 
Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", + "url": "/finding/138", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 519, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "270", + "object_id_int": 270, + "title": "Download of Code Without Integrity Check (advanced.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", + "url": "/finding/270", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 520, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "272", + "object_id_int": 272, + "title": "Download of Code Without Integrity Check (basket.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 
680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", + "url": "/finding/272", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 521, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "77", + "object_id_int": 77, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", + "url": "/finding/77", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 522, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "209", + 
"object_id_int": 209, + "title": "Download of Code Without Integrity Check (header.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", + "url": "/finding/209", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 523, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "175", + "object_id_int": 175, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", + "url": "/finding/175", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 524, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "43", + "object_id_int": 43, + "title": "Download of Code Without Integrity Check (home.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None 
None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", + "url": "/finding/43", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 525, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "141", + "object_id_int": 141, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", + "url": "/finding/141", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 526, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "9", + "object_id_int": 9, + "title": "Download of Code Without Integrity Check (login.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", + "url": "/finding/9", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 527, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "199", + "object_id_int": 199, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", + "url": "/finding/199", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 528, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "67", + "object_id_int": 67, + "title": "Download of Code Without Integrity Check (password.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", + "url": "/finding/67", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 529, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "187", + "object_id_int": 187, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None 
None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", + "url": "/finding/187", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 530, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "55", + "object_id_int": 55, + "title": "Download of Code Without Integrity Check (product.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", + "url": "/finding/55", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", 
\"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 531, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "62", + "object_id_int": 62, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", + "url": "/finding/62", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 532, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "194", + "object_id_int": 194, + "title": "Download of Code Without Integrity Check (register.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper 
access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", + "url": "/finding/194", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 533, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "200", + "object_id_int": 200, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", + "url": "/finding/200", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 534, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "68", + "object_id_int": 68, + "title": "Download of Code Without Integrity Check (score.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", + "url": "/finding/68", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 535, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "110", + "object_id_int": 110, + "title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", + "url": "/finding/110", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 536, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "242", + "object_id_int": 242, + 
"title": "Download of Code Without Integrity Check (search.jsp)", + "description": "", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", + "url": "/finding/242", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 537, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "117", + "object_id_int": 117, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", + "url": "/finding/117", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 538, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "249", + "object_id_int": 249, + "title": "Hardcoded Password in Connection String (advanced.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", + "url": "/finding/249", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 539, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "50", + "object_id_int": 50, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 50 N/A None BodgeIt ", + "url": "/finding/50", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 540, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "182", + "object_id_int": 182, + "title": "Hardcoded Password in Connection String (basket.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", + "url": "/finding/182", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 541, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "40", + "object_id_int": 40, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", + "url": "/finding/40", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 542, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "172", + "object_id_int": 172, + "title": "Hardcoded Password in Connection String (contact.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", + "url": "/finding/172", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 543, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "173", + "object_id_int": 173, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", + "url": "/finding/173", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 544, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "41", + "object_id_int": 41, + "title": "Hardcoded Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", + "url": "/finding/41", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 545, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "24", + "object_id_int": 24, + "title": "Hardcoded Password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", + "url": "/finding/24", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 546, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "156", + "object_id_int": 156, + "title": "Hardcoded Password in Connection String (home.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", + "url": "/finding/156", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 547, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "59", + "object_id_int": 59, + "title": "Hardcoded Password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", + "url": "/finding/59", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 548, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "191", + "object_id_int": 191, + "title": "Hardcoded Password in Connection String (init.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", + "url": "/finding/191", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 549, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "248", + "object_id_int": 248, + "title": "Hardcoded Password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", + "url": "/finding/248", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 550, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "116", + "object_id_int": 116, + "title": "Hardcoded Password in Connection String (login.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", + "url": "/finding/116", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 551, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + 
"object_id": "34", + "object_id_int": 34, + "title": "Hardcoded Password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", + "url": "/finding/34", + 
"meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 552, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "166", + "object_id_int": 166, + "title": "Hardcoded Password in Connection String (password.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", + "url": "/finding/166", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 553, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "148", + "object_id_int": 148, + "title": "Hardcoded Password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** 
getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", + "url": "/finding/148", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 554, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "16", + "object_id_int": 16, + "title": "Hardcoded Password in Connection String (product.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", + "url": "/finding/16", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 555, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "81", + "object_id_int": 81, + "title": "Hardcoded Password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None 
BodgeIt ", + "url": "/finding/81", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 556, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "213", + "object_id_int": 213, + "title": "Hardcoded Password in Connection String (search.jsp)", + "description": "", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", + "url": "/finding/213", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": 
\"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 557, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "265", + "object_id_int": 265, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", + "url": "/finding/265", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 558, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "133", + "object_id_int": 133, + "title": "Heap Inspection (init.jsp)", + "description": "", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data 
Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", + "url": "/finding/133", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 559, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "54", + "object_id_int": 54, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) 
request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 54 N/A None BodgeIt ", + "url": "/finding/54", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 560, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "186", + "object_id_int": 186, + "title": "Heap Inspection (login.jsp)", + "description": "", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", + "url": "/finding/186", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 561, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "26", + "object_id_int": 26, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap 
Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", + "url": "/finding/26", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 562, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "158", + "object_id_int": 158, + "title": "Heap Inspection (password.jsp)", + "description": "", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", + 
"url": "/finding/158", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 563, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "92", + "object_id_int": 92, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", + "url": "/finding/92", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 564, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "224", 
+ "object_id_int": 224, + "title": "Heap Inspection (register.jsp)", + "description": "", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", + "url": "/finding/224", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 565, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "193", + "object_id_int": 193, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", + "url": "/finding/193", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 566, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "61", + "object_id_int": 61, + "title": "HttpOnlyCookies (basket.jsp)", + "description": "", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", + "url": "/finding/61", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", 
\"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 567, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "259", + "object_id_int": 259, + "title": "HttpOnlyCookies (login.jsp)", + "description": "", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", + "url": "/finding/259", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 568, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "127", + "object_id_int": 127, + "title": "HttpOnlyCookies (login.jsp)", + 
"description": "", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", + "url": "/finding/127", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 569, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "14", + "object_id_int": 14, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", + "url": "/finding/14", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 570, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "146", + "object_id_int": 146, + "title": "HttpOnlyCookies (register.jsp)", + "description": "", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", + "url": "/finding/146", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 571, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "98", + "object_id_int": 98, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", + "url": "/finding/98", + "meta_encoded": "{\"status\": \"Inactive\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 572, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "230", + "object_id_int": 230, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", + "url": "/finding/230", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 573, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "167", + "object_id_int": 167, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", + "url": "/finding/167", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 574, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "35", + "object_id_int": 35, + "title": "HttpOnlyCookies in Config (web.xml)", + "description": "", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", + "url": "/finding/35", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 575, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "56", + "object_id_int": 
56, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", + "url": "/finding/56", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": 
\"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 576, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "188", + "object_id_int": 188, + "title": "Session Fixation (AdvancedSearch.java)", + "description": "", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None 
f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", + "url": "/finding/188", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 577, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "247", + "object_id_int": 247, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", + "url": "/finding/247", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 578, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "115", + "object_id_int": 115, + "title": "Session Fixation (logout.jsp)", + "description": "", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", + "url": "/finding/115", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 579, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "28", + "object_id_int": 28, + "title": "Trust Boundary Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source 
Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", + "url": "/finding/28", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 580, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "160", + "object_id_int": 160, + "title": "Trust Boundary 
Violation (login.jsp)", + "description": "", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 
22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", + "url": "/finding/160", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 581, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "274", + "object_id_int": 274, + "title": "Use of Cryptographically Weak PRNG (contact.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", + "url": "/finding/274", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 582, + "fields": { + "engine_slug": "default", 
+ "content_type": [ + "dojo", + "finding" + ], + "object_id": "159", + "object_id_int": 159, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", + "url": "/finding/159", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 583, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "27", + "object_id_int": 27, + "title": "Use of Cryptographically Weak PRNG (home.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", + "url": "/finding/27", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 584, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "206", + "object_id_int": 206, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", + "url": "/finding/206", + 
"meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 585, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "74", + "object_id_int": 74, + "title": "Use of Cryptographically Weak PRNG (init.jsp)", + "description": "", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", + "url": "/finding/74", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 586, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "99", + "object_id_int": 99, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data 
Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data 
Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 
779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", + "url": "/finding/99", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 587, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "231", + "object_id_int": 231, + "title": "Use of Hard Coded Cryptographic Key (AES.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", + "url": "/finding/231", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 588, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "88", + "object_id_int": 88, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", + "url": "/finding/88", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 589, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "220", + "object_id_int": 220, + "title": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", + "description": "", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure 
communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", + "url": "/finding/220", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 590, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "257", + "object_id_int": 257, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + 
"content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", + "url": "/finding/257", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 591, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "125", + "object_id_int": 125, + "title": "Use of Insufficiently Random Values (contact.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", + "url": "/finding/125", + "meta_encoded": "{\"status\": \"Inactive\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 592, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "277", + "object_id_int": 277, + "title": "Use of Insufficiently Random Values (home.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", + "url": "/finding/277", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 593, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "83", + "object_id_int": 83, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", + "url": "/finding/83", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 594, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "215", + "object_id_int": 215, + "title": "Use of Insufficiently Random Values (init.jsp)", + "description": "", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", + "url": "/finding/215", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + 
"pk": 595, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "269", + "object_id_int": 269, + "title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 
2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", + "url": "/finding/269", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 596, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "137", + "object_id_int": 137, + 
"title": "XSRF (password.jsp)", + "description": "", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** 
Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 
10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", + "url": "/finding/137", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Medium\", \"severity_display\": \"Medium\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 597, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "323", + "object_id_int": 323, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n coming soon None None S3 None None 
2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95 /vagrant/go/src/govwa/app.go None None None None None None None None None None 323 N/A None BodgeIt ", + "url": "/finding/323", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 598, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "332", + "object_id_int": 332, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 332 N/A None BodgeIt ", + "url": "/finding/332", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 599, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "321", + "object_id_int": 321, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None None None None None 321 N/A None 
BodgeIt ", + "url": "/finding/321", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 600, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "326", + "object_id_int": 326, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", + "url": "/finding/326", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 601, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "327", + "object_id_int": 327, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 327 N/A None BodgeIt ", + "url": "/finding/327", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", 
\"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 602, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "317", + "object_id_int": 317, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af /vagrant/go/src/govwa/vulnerability/csa/csa.go None None None None None None None None None None 317 N/A None BodgeIt ", + "url": "/finding/317", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 603, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "313", + "object_id_int": 313, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 313 N/A None BodgeIt ", + "url": "/finding/313", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 604, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + 
"object_id": "320", + "object_id_int": 320, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None None None None None None None None None None 320 N/A None BodgeIt ", + "url": "/finding/320", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 605, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "312", + "object_id_int": 312, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 312 N/A None BodgeIt ", + "url": "/finding/312", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 606, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "316", + "object_id_int": 316, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine 
number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 316 N/A None BodgeIt ", + "url": "/finding/316", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 607, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "331", + "object_id_int": 331, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n coming soon None None S3 None None 9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a /vagrant/go/src/govwa/util/cookie.go None None None None None None None None None None 331 N/A None BodgeIt ", + "url": "/finding/331", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 608, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "336", + "object_id_int": 336, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n coming soon None None S3 None None a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab /vagrant/go/src/govwa/util/template.go None 
None None None None None None None None None 336 N/A None BodgeIt ", + "url": "/finding/336", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 609, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "322", + "object_id_int": 322, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n coming soon None None S3 None None 0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de /vagrant/go/src/govwa/util/middleware/middleware.go None None None None None None None None None None 322 N/A None BodgeIt ", + "url": "/finding/322", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 610, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "335", + "object_id_int": 335, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n coming soon None None S3 None None 27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa /vagrant/go/src/govwa/user/user.go None None None None None None None None None None 335 N/A None BodgeIt ", + "url": "/finding/335", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", 
\"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 611, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "334", + "object_id_int": 334, + "title": "Errors Unhandled.-G104", + "description": "", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n coming soon None None S3 None None b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3 /vagrant/go/src/govwa/vulnerability/idor/idor.go None None None None None None None None None None 334 N/A None BodgeIt ", + "url": "/finding/334", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 612, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "300", + "object_id_int": 300, + "title": "Password Field With Autocomplete Enabled", + "description": "", + "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following 
action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 300 None None BodgeIt ", + "url": "/finding/300", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 613, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "338", + "object_id_int": 338, + "title": "Password Field With Autocomplete Enabled", + "description": "", + "content": "Password Field With Autocomplete Enabled None None None Low URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n \n\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\"off\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\n\nPlease note that modern web browsers may ignore this directive. 
In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\n Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\n\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \n None None S3 None None cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c None None None None None None None None None None None 338 None None BodgeIt ", + "url": "/finding/338", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 614, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "284", + "object_id_int": 284, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 284 None None BodgeIt ", + "url": "/finding/284", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 615, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "295", + "object_id_int": 295, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 295 None None BodgeIt ", + "url": "/finding/295", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 616, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "292", + "object_id_int": 292, + "title": "URL Request Gets Path From Variable", + "description": "", + "content": "URL Request Gets Path From Variable None None None Low Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n None None None S3 None None dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c None None None None None None None None None None None 292 None None BodgeIt ", + "url": "/finding/292", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 617, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "303", + "object_id_int": 303, + "title": "Unencrypted Communications", + "description": "", + "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 303 None None BodgeIt ", + "url": "/finding/303", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 618, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "341", + "object_id_int": 341, + "title": "Unencrypted Communications", + "description": 
"", + "content": "Unencrypted Communications None None None Low URL: http://localhost:8888/\n\n\n \n\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\n The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\n\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. 
\n\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\n None None \n\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\n\n\n S3 None None 7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503 None None None None None None None None None None None 341 None None BodgeIt ", + "url": "/finding/341", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 619, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "229", + "object_id_int": 229, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 
148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", + "url": "/finding/229", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 620, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "97", + "object_id_int": 97, + "title": "Blind SQL Injections (basket.jsp)", + "description": "", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", + "url": "/finding/97", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 621, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "79", + "object_id_int": 79, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** 
\"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", + "url": "/finding/79", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 622, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "211", + "object_id_int": 211, + "title": "Blind SQL Injections (login.jsp)", + "description": "", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 
15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", + "url": "/finding/211", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 623, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "157", + "object_id_int": 157, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** 
\"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", + "url": "/finding/157", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 624, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "25", + "object_id_int": 25, + "title": "Blind SQL Injections (password.jsp)", + "description": "", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! 
password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", + "url": "/finding/25", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 625, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "240", + "object_id_int": 240, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** 
} else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", + "url": "/finding/240", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 626, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "108", + "object_id_int": 108, + "title": "Blind SQL Injections (register.jsp)", + "description": "", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) 
request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", + "url": "/finding/108", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 627, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "80", + "object_id_int": 80, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", + "url": "/finding/80", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 628, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "212", + "object_id_int": 212, + "title": "Client DOM Open Redirect (advanced.jsp)", + "description": "", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", + "url": "/finding/212", + "meta_encoded": "{\"status\": 
\"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 629, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "149", + "object_id_int": 149, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", + "url": "/finding/149", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 630, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "17", + "object_id_int": 17, + "title": "Client Insecure Randomness (encryption.js)", + "description": "", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", + "url": "/finding/17", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 631, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "22", + "object_id_int": 22, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/22", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 632, + "fields": { + "engine_slug": 
"default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "154", + "object_id_int": 154, + "title": "Collapse of Data Into Unsafe Value (contact.jsp)", + "description": "", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "url": "/finding/154", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 633, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "178", + "object_id_int": 178, + "title": "Empty Password in Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", + "url": "/finding/178", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 634, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "46", + "object_id_int": 46, + "title": "Empty Password in Connection String (advanced.jsp)", + "description": "", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", + "url": "/finding/46", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 635, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "267", + "object_id_int": 267, + "title": "Empty Password in Connection String (contact.jsp)", + "description": "", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", + "url": "/finding/267", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 636, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "135", + "object_id_int": 135, + "title": "Empty Password in Connection String (contact.jsp)", + "description": "", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line 
Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", + "url": "/finding/135", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 637, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "190", + "object_id_int": 190, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 
24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", + "url": "/finding/190", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 638, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "58", + "object_id_int": 58, + "title": "Empty Password in Connection String (dbconnection.jspf)", + "description": "", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", + "url": 
"/finding/58", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 639, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "71", + "object_id_int": 71, + "title": "Empty Password in Connection String (header.jsp)", + "description": "", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", + "url": "/finding/71", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 640, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "203", + "object_id_int": 203, + "title": "Empty Password in Connection String (header.jsp)", + "description": "", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", + "url": "/finding/203", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 641, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "64", + "object_id_int": 64, + "title": "Empty Password in Connection String (home.jsp)", + "description": "", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", + "url": "/finding/64", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 642, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "196", + "object_id_int": 196, + "title": "Empty Password in Connection String (home.jsp)", + "description": "", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", + "url": "/finding/196", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 643, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "53", + "object_id_int": 53, + "title": "Empty Password in Connection String (init.jsp)", + "description": "", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 
1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", + "url": "/finding/53", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 644, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "185", + "object_id_int": 185, + "title": "Empty Password in Connection String (init.jsp)", + "description": "", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 
/root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", + "url": "/finding/185", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 645, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "123", + "object_id_int": 123, + "title": "Empty Password in Connection String (login.jsp)", + "description": "", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", + "url": "/finding/123", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 646, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "255", + "object_id_int": 255, + "title": "Empty Password in Connection String (login.jsp)", + "description": "", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session 
management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", + "url": "/finding/255", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 647, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "31", + "object_id_int": 31, + "title": "Empty Password in Connection String (product.jsp)", + "description": "", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", + "url": "/finding/31", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 648, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "163", + "object_id_int": 163, + "title": "Empty Password in Connection String (product.jsp)", + "description": "", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line 
Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", + "url": "/finding/163", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 649, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "42", + "object_id_int": 42, + "title": "Empty Password in Connection String (register.jsp)", + "description": "", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", + "url": 
"/finding/42", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 650, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "174", + "object_id_int": 174, + "title": "Empty Password in Connection String (register.jsp)", + "description": "", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", + "url": "/finding/174", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 651, + "fields": { + "engine_slug": "default", + 
"content_type": [ + "dojo", + "finding" + ], + "object_id": "120", + "object_id_int": 120, + "title": "Empty Password in Connection String (score.jsp)", + "description": "", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", + "url": "/finding/120", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 652, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "252", + "object_id_int": 252, + "title": "Empty Password in Connection String (score.jsp)", + "description": "", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session 
management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", + "url": "/finding/252", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 653, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "244", + "object_id_int": 244, + "title": "Empty Password in Connection String (search.jsp)", + "description": "", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", + "url": "/finding/244", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 654, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "112", + "object_id_int": 112, + "title": "Empty Password in Connection String (search.jsp)", + "description": "", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", + "url": "/finding/112", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 655, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "204", + "object_id_int": 204, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", + "url": "/finding/204", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 656, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "72", + "object_id_int": 72, + "title": "Improper Resource Access Authorization (FunctionalZAP.java)", + "description": "", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None 
BodgeIt ", + "url": "/finding/72", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 657, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "273", + "object_id_int": 273, + "title": "Improper Resource Access Authorization (admin.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", + "url": "/finding/273", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 658, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "201", + "object_id_int": 201, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", + "url": "/finding/201", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 659, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "69", + "object_id_int": 69, + "title": "Improper Resource Access Authorization (basket.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", + "url": "/finding/69", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 660, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "119", + "object_id_int": 119, + "title": "Improper Resource Access Authorization 
(header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", + "url": "/finding/119", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 661, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "251", + "object_id_int": 251, + "title": "Improper Resource Access Authorization (header.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = 
stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", + "url": "/finding/251", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 662, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "237", + "object_id_int": 237, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = 
stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", + "url": "/finding/237", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 663, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "105", + "object_id_int": 105, + "title": "Improper Resource Access Authorization (home.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = 
stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", + "url": "/finding/105", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 664, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "95", + "object_id_int": 95, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", + "url": "/finding/95", + 
"meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 665, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "227", + "object_id_int": 227, + "title": "Improper Resource Access Authorization (init.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", + "url": "/finding/227", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 666, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "250", + "object_id_int": 250, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 
15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", + "url": "/finding/250", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 667, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "118", + "object_id_int": 118, + "title": "Improper Resource Access Authorization (login.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - 
Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", + "url": "/finding/118", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 668, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "32", + "object_id_int": 32, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp 
None None None None None None None None None None 32 N/A None BodgeIt ", + "url": "/finding/32", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 669, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "164", + "object_id_int": 164, + "title": "Improper Resource Access Authorization (password.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", + "url": "/finding/164", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 670, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "198", + "object_id_int": 198, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", + "url": "/finding/198", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", 
\"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 671, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "66", + "object_id_int": 66, + "title": "Improper Resource Access Authorization (product.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", + "url": "/finding/66", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 672, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "271", + "object_id_int": 271, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 
- Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", + "url": "/finding/271", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 673, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "139", + "object_id_int": 139, + "title": "Improper Resource Access Authorization (register.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java 
Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", + "url": "/finding/139", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 674, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "246", + "object_id_int": 246, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", + "url": "/finding/246", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 675, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "114", + "object_id_int": 114, + "title": "Improper Resource Access Authorization (score.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", + "url": "/finding/114", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 676, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "104", + "object_id_int": 104, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", + "url": "/finding/104", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 677, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "236", + "object_id_int": 236, + "title": "Improper Resource Access Authorization (search.jsp)", + "description": "", + "content": "Improper Resource Access Authorization (search.jsp) None None 
N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", + "url": "/finding/236", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 678, + "fields": { + "engine_slug": "default", + 
"content_type": [ + "dojo", + "finding" + ], + "object_id": "36", + "object_id_int": 36, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", + "url": "/finding/36", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 679, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "168", + "object_id_int": 168, + "title": "Improper Resource Shutdown or Release (AdvancedSearch.java)", + "description": "", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", + "url": "/finding/168", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 680, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "106", + "object_id_int": 106, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 
669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", + "url": "/finding/106", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 681, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "238", + "object_id_int": 238, + "title": "Improper Resource Shutdown or Release (admin.jsp)", + "description": "", + "content": 
"Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", + "url": "/finding/238", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 682, + 
"fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "245", + "object_id_int": 245, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 
21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products 
where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", + "url": "/finding/245", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 683, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "132", + "object_id_int": 132, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', 
'\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", + "url": "/finding/132", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 684, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "210", + "object_id_int": 210, + "title": "Improper Resource 
Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** 
prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", + "url": "/finding/210", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 685, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "113", + "object_id_int": 113, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** 
<%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = 
(String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", + "url": "/finding/113", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 686, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "78", + "object_id_int": 78, + "title": "Improper Resource 
Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** 
prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", + "url": "/finding/78", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 687, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "264", + "object_id_int": 264, + "title": "Improper Resource Shutdown or Release (basket.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line 
Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", + "url": "/finding/264", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 688, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "275", + "object_id_int": 275, + "title": "Improper Resource Shutdown or Release (contact.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", + "url": "/finding/275", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 689, + "fields": { + "engine_slug": "default", + 
"content_type": [ + "dojo", + "finding" + ], + "object_id": "144", + "object_id_int": 144, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM 
Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", + "url": "/finding/144", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 690, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "12", + "object_id_int": 12, + "title": "Improper Resource Shutdown or Release (home.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + 
((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", + "url": "/finding/12", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 691, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "76", + "object_id_int": 76, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line 
Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page 
import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** 
c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 
1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", + "url": "/finding/76", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 692, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "208", + 
"object_id_int": 208, + "title": "Improper Resource Shutdown or Release (init.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 
1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 
6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" 
%>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** 
prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", + "url": "/finding/208", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 693, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "253", + "object_id_int": 253, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 
369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", + "url": "/finding/253", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 694, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "121", + "object_id_int": 121, + "title": "Improper Resource Shutdown or Release (password.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", + "url": "/finding/121", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 695, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "122", + "object_id_int": 122, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", + "url": "/finding/122", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 696, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "254", + "object_id_int": 254, + "title": "Improper Resource Shutdown or Release (product.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", + "url": "/finding/254", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 697, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "232", + "object_id_int": 232, + "title": "Improper Resource Shutdown or 
Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None 
None None None 232 N/A None BodgeIt ", + "url": "/finding/232", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 698, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "100", + "object_id_int": 100, + "title": "Improper Resource Shutdown or Release (score.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by 
scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 100 N/A None BodgeIt ", + "url": "/finding/100", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 699, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "93", + "object_id_int": 93, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 
20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", + "url": "/finding/93", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 700, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "225", + "object_id_int": 225, + "title": "Improper Resource Shutdown or Release (search.jsp)", + "description": "", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 
371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", + "url": "/finding/225", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 701, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "143", + "object_id_int": 143, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 
132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", + "url": "/finding/143", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 702, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "11", + "object_id_int": 11, + "title": "Information Exposure Through an Error Message (AdvancedSearch.java)", + "description": "", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A 
None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", + "url": "/finding/11", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 703, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "29", + "object_id_int": 29, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System 
error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", + "url": "/finding/29", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 704, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "161", + "object_id_int": 161, + "title": "Information Exposure Through an Error Message (admin.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" 
+ e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", + "url": "/finding/161", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 705, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "235", + "object_id_int": 235, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", + "url": "/finding/235", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 706, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "103", + "object_id_int": 103, + "title": "Information Exposure Through an Error Message (basket.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", + "url": "/finding/103", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 707, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "49", + "object_id_int": 49, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** 
Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", + "url": "/finding/49", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 708, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "181", + "object_id_int": 181, + "title": "Information Exposure Through an Error Message (contact.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP 
Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", + "url": "/finding/181", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 709, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "129", + "object_id_int": 129, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 129 N/A None BodgeIt ", + "url": "/finding/129", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 710, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "261", + "object_id_int": 261, + "title": "Information Exposure Through an Error Message (header.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", + "url": "/finding/261", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 711, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "176", + "object_id_int": 176, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 176 N/A None BodgeIt ", + "url": "/finding/176", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 712, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "44", + "object_id_int": 44, + "title": "Information Exposure Through an Error Message (home.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", + "url": "/finding/44", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 713, + "fields": { + "engine_slug": "default", + 
"content_type": [ + "dojo", + "finding" + ], + "object_id": "256", + "object_id_int": 256, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 256 N/A None BodgeIt ", + "url": "/finding/256", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 714, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "124", + "object_id_int": 124, + "title": "Information Exposure Through an Error Message (login.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", + "url": "/finding/124", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 715, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "136", + "object_id_int": 136, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP 
Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 
85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", + "url": "/finding/136", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 716, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "268", + "object_id_int": 268, + "title": "Information Exposure Through an Error Message (product.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", + "url": "/finding/268", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 717, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "94", + "object_id_int": 94, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message 
(register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", + "url": "/finding/94", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 718, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "226", + "object_id_int": 226, + "title": "Information Exposure Through an Error Message (register.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low 
Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", + "url": "/finding/226", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 719, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "219", + "object_id_int": 219, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A 
None BodgeIt ", + "url": "/finding/219", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 720, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "87", + "object_id_int": 87, + "title": "Information Exposure Through an Error Message (score.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** 
Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", + "url": "/finding/87", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 721, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "107", + "object_id_int": 107, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security 
Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", + "url": "/finding/107", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 722, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "239", + "object_id_int": 239, + "title": "Information Exposure Through an Error Message (search.jsp)", + "description": "", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 
10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", + "url": "/finding/239", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 723, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "84", + "object_id_int": 84, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 
/build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", + "url": "/finding/84", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 724, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "142", + "object_id_int": 142, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", + "url": "/finding/142", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 725, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "216", + "object_id_int": 216, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", + "url": "/finding/216", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 726, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "10", + "object_id_int": 10, + "title": "Missing X Frame Options (web.xml)", + "description": "", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", + "url": "/finding/10", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 727, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "153", + "object_id_int": 153, + "title": "Not Using a 
Random IV With CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", + "url": "/finding/153", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 728, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "21", + "object_id_int": 21, + "title": "Not Using a Random IV With CBC Mode (AES.java)", + "description": "", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None 
None None None None None None None None None 21 N/A None BodgeIt ", + "url": "/finding/21", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 729, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "180", + "object_id_int": 180, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", + "url": "/finding/180", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 730, + "fields": { + 
"engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "48", + "object_id_int": 48, + "title": "Plaintext Storage in a Cookie (basket.jsp)", + "description": "", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", + "url": "/finding/48", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 731, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "70", + "object_id_int": 70, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", + "url": "/finding/70", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 732, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "202", + "object_id_int": 202, + "title": "Race Condition Format Flaw (basket.jsp)", + "description": "", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", + "url": "/finding/202", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": 
"watson.searchentry", + "pk": 733, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "130", + "object_id_int": 130, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", + "url": "/finding/130", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 734, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "262", + "object_id_int": 262, + "title": "Race Condition Format Flaw (product.jsp)", + "description": "", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None 
b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 262 N/A None BodgeIt ", + "url": "/finding/262", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 735, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "30", + "object_id_int": 30, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** 
getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", + "url": "/finding/30", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 736, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "162", + "object_id_int": 162, + "title": "Reliance on Cookies in a Decision (basket.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** 
Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + 
basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", + "url": "/finding/162", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 737, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "109", + "object_id_int": 109, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java 
Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 
11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 109 N/A None BodgeIt ", + "url": "/finding/109", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 738, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "241", + "object_id_int": 241, + "title": "Reliance on Cookies in a Decision (login.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** 
New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 
35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", + "url": "/finding/241", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 739, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "221", + "object_id_int": 
221, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** 
getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", + "url": "/finding/221", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 740, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "89", + "object_id_int": 89, + "title": "Reliance on Cookies in a Decision (register.jsp)", + "description": "", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", + "url": "/finding/89", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", 
\"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 741, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "218", + "object_id_int": 218, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", + "url": "/finding/218", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 742, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "86", + "object_id_int": 86, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", + "url": "/finding/86", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 743, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "37", + "object_id_int": 37, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", + "url": "/finding/37", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": 
\"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 744, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "169", + "object_id_int": 169, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", + "url": "/finding/169", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 745, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "128", + "object_id_int": 128, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", + "url": "/finding/128", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 746, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "260", + "object_id_int": 260, + "title": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", + "description": "", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", + "url": "/finding/260", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": 
\"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 747, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "23", + "object_id_int": 23, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", + "url": "/finding/23", + "meta_encoded": "{\"status\": \"Inactive\", 
\"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 748, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "155", + "object_id_int": 155, + "title": "Stored Boundary Violation (login.jsp)", + "description": "", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", + "url": 
"/finding/155", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 749, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "205", + "object_id_int": 205, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** 
\n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 205 N/A None BodgeIt ", + "url": "/finding/205", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 750, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "73", + "object_id_int": 73, + "title": "Suspected XSS (contact.jsp)", + "description": "", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source 
Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", + "url": "/finding/73", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 751, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "171", + "object_id_int": 171, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", + "url": "/finding/171", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 752, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "39", + "object_id_int": 39, + "title": "Suspected XSS (password.jsp)", + "description": "", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** 
Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", + "url": "/finding/39", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + 
"model": "watson.searchentry", + "pk": 753, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "243", + "object_id_int": 243, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", + "url": "/finding/243", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 754, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "111", + "object_id_int": 111, + "title": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", + "description": "", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 
93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", + "url": "/finding/111", + "meta_encoded": "{\"status\": \"Inactive\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Low\", \"severity_display\": \"Low\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 755, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "282", + "object_id_int": 282, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. 
Kludgey, I know.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 282 None None BodgeIt ", + "url": "/finding/282", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 756, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "299", + "object_id_int": 299, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. 
Try to set it to null or something.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 299 None None BodgeIt ", + "url": "/finding/299", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 757, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "298", + "object_id_int": 298, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. 
Should be moved to OrderDetail constructor?\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 298 None None BodgeIt ", + "url": "/finding/298", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 758, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "294", + "object_id_int": 294, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 294 None None BodgeIt ", + "url": "/finding/294", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 759, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "293", + "object_id_int": 293, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the 
developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 293 None None BodgeIt ", + "url": "/finding/293", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 760, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "291", + "object_id_int": 291, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. 
Like customer.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 291 None None BodgeIt ", + "url": "/finding/291", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 761, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "290", + "object_id_int": 290, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 290 None None BodgeIt ", + "url": "/finding/290", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 762, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "289", + "object_id_int": 289, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which 
indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 289 None None BodgeIt ", + "url": "/finding/289", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 763, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "287", + "object_id_int": 287, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 287 None None BodgeIt ", + "url": "/finding/287", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 764, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "286", + "object_id_int": 286, + "title": "Comment Indicates Potentially Unfinished Code", + 
"description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 286 None None BodgeIt ", + "url": "/finding/286", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 765, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "297", + "object_id_int": 297, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 297 None None BodgeIt ", + "url": "/finding/297", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 766, + "fields": { + "engine_slug": 
"default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "285", + "object_id_int": 285, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 285 None None BodgeIt ", + "url": "/finding/285", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 767, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "296", + "object_id_int": 296, + "title": "Comment Indicates Potentially Unfinished Code", + "description": "", + "content": "Comment Indicates Potentially Unfinished Code None None None Info Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. 
Use LINQ with aggregation to get SUM.\n None None None S4 None None 5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db None None None None None None None None None None None 296 None None BodgeIt ", + "url": "/finding/296", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 768, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "306", + "object_id_int": 306, + "title": "Cross-Site Request Forgery", + "description": "", + "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. 
However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 306 None None BodgeIt ", + "url": "/finding/306", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 769, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "344", + "object_id_int": 344, + "title": "Cross-Site Request Forgery", + "description": "", + "content": "Cross-Site Request Forgery None None None Info URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n \n\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. 
The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\n\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \n Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\n\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\n\n\n None None \n\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\n\n\n S4 None None 1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa None None None None None None None None None None None 344 None None BodgeIt ", + "url": "/finding/344", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 770, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "343", + "object_id_int": 343, + "title": "Email Addresses Disclosed", + "description": "", + "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * 
user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 343 None None BodgeIt ", + "url": "/finding/343", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 771, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "305", + "object_id_int": 305, + "title": "Email Addresses Disclosed", + "description": "", + "content": "Email Addresses Disclosed None None None Info URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: 
http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n \n\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\n\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \n The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\n\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\n None None S4 None None 2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f None None None None None None None None None None None 305 None None BodgeIt ", + "url": "/finding/305", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 772, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "301", + "object_id_int": 301, + "title": "Frameable Response (Potential Clickjacking)", + "description": "", + "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 301 None None BodgeIt ", + "url": "/finding/301", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 773, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "339", + "object_id_int": 339, + "title": "Frameable Response (Potential Clickjacking)", + "description": "", + "content": "Frameable Response (Potential Clickjacking) None None None Info URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n \n\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\n If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\n\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \"framebusting\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\n\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\n None None \n\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 339 None None BodgeIt ", + "url": "/finding/339", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 774, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "308", + "object_id_int": 308, + "title": "Path-Relative Style Sheet Import", + "description": "", + "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. 
When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 308 None None BodgeIt ", + "url": "/finding/308", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 775, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "346", + "object_id_int": 346, + "title": "Path-Relative Style Sheet Import", + "description": "", + "content": "Path-Relative Style Sheet Import None None None Info URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n \n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. 
This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n Path-relative style sheet import vulnerabilities arise when the following conditions hold:\n\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \"/original-path/file.php\" might import \"styles/main.css\").\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \"/original-path/file.php/extra-junk/\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \"/original-path/file.php/extra-junk/styles/main.css\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\n\n\n\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. 
The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\n\n * Executing arbitrary JavaScript using IE's expression() function.\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\n\n\n None None \n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\n\n\n S4 None None e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d None None None None None None None None None None None 346 None None BodgeIt ", + "url": "/finding/346", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"BodgeIt\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "watson.searchentry", + "pk": 776, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "finding" + ], + "object_id": "279", + "object_id_int": 279, + "title": "Test", + "description": "", + "content": "Test None None No url given Info asdf adf asdf No references given S4 None None df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5 None None None None None None None None None None None 279 No url given None Internal CRM App ", + "url": "/finding/279", + "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" + } +}, +{ + "model": "authtoken.token", + "pk": 
"184770c4c3256aba904297610fbb4da3fa15ba39", + "fields": { + "user": [ + "product_manager" + ], + "created": "2021-07-04T23:16:45.502Z" + } +}, +{ + "model": "authtoken.token", + "pk": "548afd6fab3bea9794a41b31da0e9404f733e222", + "fields": { + "user": [ + "admin" + ], + "created": "2021-07-04T23:16:45.506Z" + } +}, +{ + "model": "authtoken.token", + "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708", + "fields": { + "user": [ + "user2" + ], + "created": "2021-07-04T23:16:45.509Z" + } } ] diff --git a/fixture-updater b/fixture-updater index 220ea5859c951e2bd4c9620a8984a3d5e827ad03..1f632b31502184b39ac1936ce718808562b74ec3 100755 GIT binary patch delta 751 zcmbWx*-}yg0D$4Cz|1l<(@NX4MN{c)a2B!>w;+K7$*L{FiKF6LN6@szvKg*)#w*7Q z-=GWccpqQDN1(q~=;FKlXa3Xu1J@}|{&=QJ2_vP7i)A@zZRIK<$CnAqLP$@V!L&bF zipz>Gva&2{^NNs}P}WS_x2j6IH*03aB~vwptg{jIPH#?*C6rhyuIW~IeRQ|(sn$K` za2^-nf*TFEh(=sO6E5QlnsF8X+7`6p8rpCj?dZS_+{7((q6@ci2X}D~_tA|WJitRd z!ejKJ4^PmK0Sv;6rw|}Qf(!*d_@P3BUaNZybFWWQ6kStQC2#o)M$s-xmR-o}mLS4W+1g>ZJK5DJX#r6UNK*Ca*gyc!FofrLftMIY5F;4H7{)PyR|p}D*O){E zQN&;(js)J+j*h2h=l*l@kV&EHxRXdBjSRBLVHz`di+6aB512(B1z7lqB5cfI9t$X8 s5ldLc3Rba(PxuT6>nNjw4Q%2Iwy=$__=fNJfgSwBFYMMF_wTddU$bEzxc~qF delta 751 zcmbWx$x_n*0D$3PsUWDu1p!eMaKWV}X_hVuT7hEG5|Gf=3PRc>v{ERwps9iz%=Dx) zoEQ$gfd_7VA6|e*s6VgZ;XD2_|M8!_=3^ZF_0Fo}xz#`->xR_Pn6VNYQ`R;NLDnYS zv|F^N^D)av`f~9?xgsQ^^1ALQMNJC&QhG`(=$bCL`RH6cCq+s|+ALKzXQmR1;!fRL zt$Q2Lh$b|{gEMGBE6$<~?Kp??xPa5P0~c`#mvIH1xQZ@xqX*Z}i|e?7KHS7D^kV>n zxQ#owi+dQteLTQJJc198AwYx#KV&FSp&@`^t?mu!zlSoSsb*{~m^J;9omCyvwj{-r zWHS)7L`e?Gj;dLzqwM#4jNVo;5EhlNU#%V-h7iURJjF0Z@C?rp!3&IH4C9Dm0xuE6 zBwpb);+TStY0ThF?ci{BY56}V_n8!`WsiY5B#=Z3Z;{43%wqxXv4|y@$RG;~HXJM? whde%D1qG~P4MnV@gpVj=1Dp7S&u~$}7ktGQw($+$@dH2c3p=&4XZIxX56WF3LI3~& diff --git a/unittests/test_sample_data.py b/unittests/test_sample_data.py index d1ebe4b5beb..f6a4db6d8a1 100644 --- a/unittests/test_sample_data.py +++ b/unittests/test_sample_data.py 
@@ -5,6 +5,17 @@ class TestSampleData(DojoTestCase): def test_loaddata(self): + """ + The expected command to generate the fixture file is as follows: + + python3 manage.py dumpdata \ + --exclude auth.permission \ + --exclude contenttypes \ + --natural-foreign \ + --natural-primary \ + --indent 2 \ + > /app/dojo/fixtures/defect_dojo_sample_data.json + """ try: call_command("loaddata", "dojo/fixtures/defect_dojo_sample_data", verbosity=0) except Exception as e:
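Review bot: The dump command documented in the new `test_loaddata` docstring excludes no credential-bearing models, and the fixture regenerated in this same patch carries three `authtoken.token` rows whose `pk` is the API token itself, including one for `admin`. An instance that loads this fixture therefore accepts publicly known tokens, and rerunning the command against a non-disposable database would commit that database's live tokens (and presumably its user rows) to the repository. I would add a line to the docstring such as `Run only against a throwaway instance seeded with sample data; the dump includes authtoken.token rows.`, and consider `--exclude authtoken.token` if no test depends on those rows. Separately, the docstring should be a raw string (`r"""`), because in a normal string each trailing `\` joins the next line, so the command stored in `__doc__` loses its line breaks. The body of `test_loaddata` continues past the end of the hunk.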